From: Julian Anastasov <ja@xxxxxx>
Subject: Re: 2.4.17 realserver not answering requests
Date: Wed, 6 Feb 2002 23:27:13 +0000 (GMT)
Yes, maybe this rule is the key:
> iptables -A INPUT -i $IFACE -d $IP -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
LVS does not play with the netfilter's conntracking.
"Does not play" - does that mean LVS' connections don't register as having a
state of any kind, or that iptables is incompatible in some way with LVS?
I'm certain I'm not the first person on earth to attempt to use iptables
concurrently with LVS-DR under 2.4. Does anyone have an example ruleset for
either|both director and realserver that allows LVS to function?
You can try to remove these rules for the test but someone else
has to comment on the consequences.
Everything is denied by default, so my only option is to attempt to figure
out what LVS requires of both boxes' iptables and attempt to accommodate it
as best I can within reason.
Anyone on the list worked with iptables and LVS-DR?
Thanks again.