On Fri, Apr 12, 2002 at 05:39:09PM +0200, Alexandre CASSEN mentioned:
> >Hi Daniel. Yes, we do a box called the 'S1000', which does use a slightly
> >modified LVS kernel software (ip_vs). We modified ip_vs to get it to play
> >nicely with iptables on the same box, so you don't need a separate
> >firewall/vpn box.
> So, I assume the source code is available somewhere ?
Yep. The changes we made were posted...I believe in the January archives.
They weren't accepted to the main branch, as the changes were considered
non-mainstream, and they were made from the 0.8.2 version, which was a little
old then. Have a look at:
http://www.in-addr.de/pipermail/lvs-users/2002-January/004585.html
> What do you mean by "nicely with iptables" ?
From memory (I didn't do the kernel work), the ip_vs connection tracking
tables and the netfilter connection tracking tables were not always in
synch. So, you couldn't statefully firewall an ip_vs service. There is a
readme included somewhere in that thread.
We've just done a product release. One of our aims is to reimplement
these changes in the 1.0.x branch, if someone hasn't already done so. When
that's done, we'll post those patches to the list also.
John
--
_______________________________________
John Looney Chief Scientist
a n t e f a c t o t: +353 1 8586004
www.antefacto.com f: +353 1 8586014