
Re: LVS-DR with FW-Marks and different port

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: LVS-DR with FW-Marks and different port
From: Juergen Jaeschke <jjaeschke@xxxxxxxxxxxxxxxxxxx>
Date: Fri, 8 Mar 2002 11:26:45 +0100 (MET)
> > if I try to direct services to another port
> > (say incoming is VIP:180, this is fw-marked to 0xb, and I've
> > set up a rule to DR packets with 0xb to RIP:80) 
> 
> how did you setup this rule? You can only change ports with VS-NAT.
> With VS-DR you cannot rewrite the port.

I did it with ldirectord. But it could be done on the cmdline, too:

iptables -t mangle -A PREROUTING -d $VIP -p tcp --dport 180 -j MARK --set-mark 14

ipvsadm -A -f 14
ipvsadm -a -f 14 -r 192.168.1.20:80 -g

# ipvsadm -L -n 
IP Virtual Server version 0.8.1 (size=4096)                    
Prot LocalAddress:Port Scheduler Flags                         
  -> RemoteAddress:Port             Forward Weight ActiveConn InActConn
FWM  14 wlc
  -> 192.168.1.20:180               Route   1      0          0

OK, I think I remember reading that only the Ethernet address
is changed in DR. But why does it seem to work on the first try?
Has this behaviour changed in later versions?
  
> > then i end
> > up in packets to the RIP:VPORT, that is RIP:180 instead
> > of RIP:80.
> > 
> > I tried to DNAT this service to port 80, 
> 
> I don't know who gets the packets first, LVS or DNAT.
> Assuming you get it to work, the behaviour you'll get
> is probably not part of the LVS spec and it may not 
> work in the future. LVS has an uneasy coexistence 
> with netfilter.

Yes, I already realized that :-( The bad thing is that I
1. need to use both of them and
2. (at least I think I) need the above behaviour. Switching to DNAT
is not an option because I want packets to arrive with the VIP. OK,
handling the service on the (real==virtual) port on the realserver would
solve the problem...

Regards, 
Jürgen 
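
Added example, not part of the original message or of LVS itself: a small Python model of the fwmark service above, showing why VS-DR delivers the packet still addressed to VIP:180 while VS-NAT would rewrite it to RIP:80. The VIP value, the MAC addresses and all function names are constructed for illustration.

```python
from dataclasses import dataclass, replace

VIP = "192.0.2.10"                  # constructed placeholder for $VIP
RIP = "192.168.1.20"                # realserver address from the post
RIP_MAC = "02:00:00:00:00:20"       # constructed
DIRECTOR_MAC = "02:00:00:00:00:01"  # constructed

@dataclass(frozen=True)
class Packet:
    dst_mac: str
    dst_ip: str
    dst_port: int
    mark: int = 0   # fwmark is local to the director; kept here only for lookup

def mangle_prerouting(pkt):
    """Model of: iptables -t mangle -A PREROUTING -d $VIP -p tcp --dport 180 -j MARK --set-mark 14"""
    if pkt.dst_ip == VIP and pkt.dst_port == 180:
        return replace(pkt, mark=14)
    return pkt

# fwmark -> (real IP, real port, real MAC), as in: ipvsadm -a -f 14 -r 192.168.1.20:80
SERVICES = {14: (RIP, 80, RIP_MAC)}

def director(pkt, method):
    """Forward a client packet the way the named LVS forwarding method does."""
    pkt = mangle_prerouting(pkt)
    if pkt.mark not in SERVICES:
        return None                      # no virtual service matches this packet
    rip, rport, rmac = SERVICES[pkt.mark]
    if method == "DR":                   # -g: only the link-layer destination changes
        return replace(pkt, dst_mac=rmac)
    if method == "NAT":                  # -m: destination IP and port are rewritten
        return replace(pkt, dst_mac=rmac, dst_ip=rip, dst_port=rport)
    raise ValueError(f"unknown forwarding method: {method}")

def accepted(pkt, listeners):
    """True if the realserver has a socket bound to the packet's destination."""
    return pkt is not None and (pkt.dst_ip, pkt.dst_port) in listeners

def demo():
    client = Packet(DIRECTOR_MAC, VIP, 180)
    dr, nat = director(client, "DR"), director(client, "NAT")
    return {
        "dr_dst": (dr.dst_ip, dr.dst_port),
        "nat_dst": (nat.dst_ip, nat.dst_port),
        "dr_hits_vip80": accepted(dr, {(VIP, 80)}),
        "dr_hits_vip180": accepted(dr, {(VIP, 180)}),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```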
 


