lvs-users
To: | lvs-users@xxxxxxxxxxxxxxxxxxxxxx |
---|---|
Subject: | Re: LVS and host based firewall |
From: | "Mike Radomski" <Mike.Radomski@xxxxxxxxxxxxxxxxxx> |
Date: | Fri, 10 May 2002 04:59:06 -0400 |
Hello,

I was able to get it to work using the redirect approach to the arp problem. Previously I was using the hidden interface approach. If anyone is interested, here are the SuSEfirewall rules that worked:

    FW_DEV_WORLD="eth0"
    FW_DEV_INT="eth1"
    FW_DEV_DMZ=""
    FW_ROUTE="no"
    FW_AUTOPROTECT_GLOBAL_SERVICES="no"
    FW_PROTECT_FROM_INTERNAL="no"
    FW_SERVICES_INTERNAL_TCP="1:65535"
    FW_SERVICES_INTERNAL_UDP="1:65535"
    FW_SERVICES_EXTERNAL_TCP="www https ssh lotusnote"
    FW_SERVICES_EXTERNAL_UDP="www https ssh lotusnote"
    FW_TRUSTED_NETS="xxx.xxx.xxx.xxx/24"
    FW_SERVICES_TRUSTED_TCP="1:65535"
    FW_SERVICES_TRUSTED_UDP="1:65535"
    FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
    FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
    FW_ALLOW_PING_FW="yes"
    FW_REDIRECT_TCP="0/0,yyy.yyy.yyy.yyy"
    #where yyy.yyy.yyy.yyy is the VIP

Mike Radomski
SUNY - ITEC
Information Technology Exchange Center
Systems Programmer/Analyst
E-mail: Mike.Radomski@xxxxxxxxxxxxxxxxxx
Systems E-Mail: scsys@xxxxxxxxxxxxxxxxxx
Phone: (716)878-4832
Cellular: (716)866-7039
Fax: (716)878-4235

Hello,

I have a LVS cluster that performs Direct Routing for Windows and Linux real servers. Everything is working quite well for load balancing a Domino cluster. We are now implementing a Linux Domino Cluster and would like to put a host based firewall on each real server. The real servers are running SuSE Linux. I have been trying to use SuSEfirewall for simplicity, though I usually use ipchains.

When I turn on the firewall, the real servers are still listed in ipvsadm, but do not receive connections. I can get directly to the real servers via their IP. Here are my SuSEfirewall rules:

    FW_DEV_WORLD="eth0"
    FW_DEV_INT="eth1"
    FW_DEV_DMZ=""
    FW_ROUTE="no"
    FW_AUTOPROTECT_GLOBAL_SERVICES="no"
    FW_PROTECT_FROM_INTERNAL="no"
    FW_SERVICES_INTERNAL_TCP="1:65535"
    FW_SERVICES_INTERNAL_UDP="1:65535"
    FW_SERVICES_EXTERNAL_TCP="www https ssh lotusnote"
    FW_SERVICES_EXTERNAL_UDP="www https ssh lotusnote"
    FW_TRUSTED_NETS="xxx.xxx.xxx.xxx/24"
    FW_SERVICES_TRUSTED_TCP="1:65535"
    FW_SERVICES_TRUSTED_UDP="1:65535"
    FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
    FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
    FW_ALLOW_PING_FW="yes"

If anyone has any suggestions for SuSEfirewall or ipchains, it would be greatly appreciated.

Thank you,

Mike Radomski
SUNY - ITEC
Information Technology Exchange Center
Systems Programmer/Analyst
E-mail: Mike.Radomski@xxxxxxxxxxxxxxxxxx
Systems E-Mail: scsys@xxxxxxxxxxxxxxxxxx
Phone: (716)878-4832
Cellular: (716)866-7039
Fax: (716)878-4235