Julian Anastasov wrote:
> Don't forget the ICMP traffic related
> to the allowed TCP connections, you have to pass it too (in FORWARD).
On the LVS-DR realservers I'm doing the following:
1. from RIP to RIP_network is put out on eth0
(trivial to handle)
2. from VIP to 0/0 via SERVER_GW
3. from RIP to selected targets (eg 0/0:80, x.x.x.x:53) via ANOTHER_GW
(in my setup ANOTHER_GW is SERVER_GW, but for the general case
they can be different). I do this by marking the selected packets
with iptables and then routing the marked packets via ANOTHER_GW.
4. from RIP to all other destinations currently via DIP
(where they are filtered out),
or I could DROP them at the realserver.
I understand ICMP packets are sent according to the dst (true?).
Here I have 3 routes for packets with dst_addr != RIP_network,
one for src_addr=VIP, another for dst_addr=selected address:port,
another for all other packets.
How do I handle the 3 cases?
Thanks Joe
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
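One way to wire up the three egress cases described in the message above, as an added example that is not part of the original thread and not LVS project code: iproute2 policy routing on the realserver, with an iptables fwmark for the selected RIP-sourced flows and CONNMARK so that ICMP errors conntrack ties to a marked flow (RELATED) inherit the mark and take the same gateway. All addresses are assumed placeholders from the RFC 5737 documentation ranges, DNS_SERVER stands in for the x.x.x.x target in the message, and the table numbers and mark value are arbitrary. It assumes an iptables build with the conntrack match and the CONNMARK target. The script prints the commands unless APPLY=1 is set, so the rule set can be reviewed before it is run as root.

```shell
#!/bin/sh
# Added example (not from the LVS thread): three egress paths on an LVS-DR
# realserver, built with iproute2 policy routing and an iptables fwmark.
# Every address below is an assumed placeholder from the RFC 5737 ranges.
RIP=${RIP:-198.51.100.10}                # realserver's own address
RIP_NET=${RIP_NET:-198.51.100.0/24}      # directly connected, leaves via eth0
VIP=${VIP:-203.0.113.100}                # service address answered here
DIP=${DIP:-198.51.100.1}                 # director, used as the catch-all default
SERVER_GW=${SERVER_GW:-198.51.100.254}   # gateway for VIP-sourced replies
ANOTHER_GW=${ANOTHER_GW:-198.51.100.253} # gateway for selected RIP-sourced flows
DNS_SERVER=${DNS_SERVER:-192.0.2.53}     # stands in for the thread's x.x.x.x
MARK=1                                   # fwmark for case 3 traffic (assumed)
T_VIP=100                                # routing table for case 2 (assumed)
T_MARK=101                               # routing table for case 3 (assumed)

# Print each command unless APPLY=1, so the rule set can be reviewed first.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

gen_rules() {
    # Case 1: RIP -> RIP_NET uses the connected route on eth0; nothing to add.

    # Case 2: everything sourced from the VIP leaves via SERVER_GW.
    run ip rule add from "$VIP" lookup "$T_VIP" pref 100
    run ip route add default via "$SERVER_GW" table "$T_VIP"

    # Case 3: first let RELATED ICMP errors pick up the mark saved on the
    # connection they belong to, so they follow the same path as the flow.
    run iptables -t mangle -A OUTPUT -p icmp -m conntrack --ctstate RELATED \
        -j CONNMARK --restore-mark
    # Mark the selected RIP-sourced flows: 0/0:80 and DNS_SERVER:53 (udp+tcp).
    run iptables -t mangle -A OUTPUT -s "$RIP" -p tcp --dport 80 \
        -j MARK --set-mark "$MARK"
    run iptables -t mangle -A OUTPUT -s "$RIP" -d "$DNS_SERVER" -p udp --dport 53 \
        -j MARK --set-mark "$MARK"
    run iptables -t mangle -A OUTPUT -s "$RIP" -d "$DNS_SERVER" -p tcp --dport 53 \
        -j MARK --set-mark "$MARK"
    # Remember the mark on the conntrack entry for the restore-mark rule above.
    run iptables -t mangle -A OUTPUT -m mark --mark "$MARK" -j CONNMARK --save-mark
    # Route anything carrying the mark via ANOTHER_GW.
    run ip rule add fwmark "$MARK" lookup "$T_MARK" pref 200
    run ip route add default via "$ANOTHER_GW" table "$T_MARK"

    # Case 4: all other RIP-sourced traffic goes to the director, which filters
    # it. To discard it locally instead, replace this with a DROP in OUTPUT.
    run ip route replace default via "$DIP"
}

gen_rules
```

Why the rules are ordered this way: the kernel routes a locally generated packet by destination, but `ip rule` selectors (source address, fwmark) are consulted in priority order before the main table, which is what makes the three cases distinct for the same destination. ICMP errors the kernel generates in reply to a packet addressed to a local address are sourced from that address, so errors triggered by traffic to the VIP already match the `from VIP` rule; errors belonging to a marked flow would carry no mark of their own, which is the gap the CONNMARK restore-mark rule closes.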