Re: Tunnel, forward all ports

To: Alex Senin <alex@xxxxxxxxxxxxxxx>
Subject: Re: Tunnel, forward all ports
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Julian Anastasov <ja@xxxxxx>
Date: Thu, 21 Mar 2002 23:07:32 +0000 (GMT)

        Hello,

On Thu, 21 Mar 2002, Alex Senin wrote:

> Show me a working example, please. In the e-mail below I tried this,
> and it does not work for me.

        Please, stop trying to use VIP:0, here is the example
with fwmark (convert it to iptables if needed):

ipchains -N svc1
ipchains -A svc1 -p TCP -d 192.168.1.200 PORT_X -j RETURN
ipchains -A svc1 -p TCP -d 192.168.1.200 PORT_Y -j RETURN
ipchains -A svc1 -p TCP -d 192.168.1.200 PORT_Z -j RETURN
ipchains -A svc1 -p TCP -d 192.168.1.200 -m 1 -j ACCEPT
ipchains -A input -j svc1

use ranges of ports if needed

ipvsadm -A -f 1 -s rr
ipvsadm -a -f 1 -r 192.168.1.5 -i

One last thing: for TUN mode 'ip route get 192.168.1.5' executed
on director must not show 192.168.1.200 as preferred source IP.
For DR and TUN you need to define the VIP as non-preferred
source IP address (VIP!=DIP) for the network (usually achieved by
adding it as alias while DIP is the main interface address).

Regards

--
Julian Anastasov <ja@xxxxxx>
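
Added example, not part of the original mail: one way to express the ipchains recipe above in iptables (mangle table, MARK target), together with the preferred-source check on the output of 'ip route get'. The excluded ports 22 and 6000:6063 and the sample route line are constructed stand-ins for PORT_X/PORT_Y and for real director output; the script only prints the commands.

```shell
#!/bin/sh
# Added example (not from the original mail). Prints the commands; review, then pipe to "sh" as root.
# Constructed values: excluded ports 22 and 6000:6063 stand in for PORT_X / PORT_Y.

# gen_rules VIP MARK RIP PORT...  -> iptables/ipvsadm equivalent of the ipchains recipe
gen_rules() {
    vip=$1 mark=$2 rip=$3
    shift 3
    echo "iptables -t mangle -N svc1"
    for port in "$@"; do
        # Excluded ports leave the chain unmarked, like "-j RETURN" in the ipchains version
        echo "iptables -t mangle -A svc1 -p tcp -d $vip --dport $port -j RETURN"
    done
    # Everything else to the VIP gets the fwmark; filter-table rules still decide acceptance
    echo "iptables -t mangle -A svc1 -p tcp -d $vip -j MARK --set-mark $mark"
    echo "iptables -t mangle -A PREROUTING -j svc1"
    echo "ipvsadm -A -f $mark -s rr"
    echo "ipvsadm -a -f $mark -r $rip -i"
}

# route_src: read "ip route get" output on stdin, print the address after "src"
route_src() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "src") { print $(i + 1); exit } }'
}

# src_ok VIP: succeed only if the preferred source on stdin is present and is not the VIP
src_ok() {
    src=$(route_src)
    [ -n "$src" ] && [ "$src" != "$1" ]
}

gen_rules 192.168.1.200 1 192.168.1.5 22 6000:6063

# Constructed sample of "ip route get 192.168.1.5" output; on the director use:
#   ip route get 192.168.1.5 | src_ok 192.168.1.200
sample='192.168.1.5 dev eth0 src 192.168.1.1 uid 0'
if printf '%s\n' "$sample" | src_ok 192.168.1.200; then
    echo "# source IP check passed: VIP is not the preferred source"
else
    echo "# source IP check FAILED: VIP is the preferred source (or no src found)"
fi
```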


