Hello,
On Thu, 20 Dec 2001, Kees Hoekzema wrote:
> Hello,
>
> What i want is probably the best described in a sort formal programming
> language;
> I want to do the following with LVS (if possible)
>
> Requests all on port 80 (http)
>
> IF client_ip = 123.123.123.123
> THEN
> forward client to real-server1:1234 // just a static http server
> ELSEIF client_ip = 222.222.222.22
> THEN
> forward client to real-server1:1234 // just a static http server
> ELSE
> forward client to real-server1:80 // ie. do loadbalancing
>
> Why this?
> I want to have "ip-bans" directly inserted in my firewall/lvs, but i want
> the users
> to know why they are banned / seeing an other page then what they expected.
>
> I could also do this in apache with mod_rewrite, but I rather use the LVS.
> Does anyone know if this is possible with the latest LVS and/or iptables.
You can try to create two fwmark-based virtual services, for
example, with mark 1 -> real-server1:1234 and mark 2 -> real-server1:80.
It is possible only with NAT to change the dest port of the out->in
packets. The difficult thing is to set the fwmark according to the
client IP. The above example is solved easy with small number of
firewall rules (that mark the packet) but what if you have many
client IPs for marking with 1?
> tia,
> Kees Hoekzema
Regards
--
Julian Anastasov <ja@xxxxxx>
|