Perhaps it would help if somebody could show me where LVS hooks into these
iptables flow paths:
... mangle PREROUTING --> nat PREROUTING ...
... mangle INPUT --> filter INPUT ...
... mangle OUTPUT --> nat OUTPUT --> filter OUTPUT ...
... mangle FORWARD --> filter FORWARD ...
... mangle POSTROUTING --> nat POSTROUTING ...
I saw a posting in the archive from early last year
(http://marc.theaimsgroup.com/?l=linux-virtual-server&m=98296653726641&w=2),
but that doesn't really help me much and I don't know how up to date it is.
Hopefully it's somewhat out of date, because from the little I understood it
seemed to imply that LVS didn't play too well with iptables. Of course, that
was a year and a half ago....
----- Original Message -----
From: "Joseph Mack" <mack.joseph@xxxxxxx>
To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>; <bench@xxxxxxxxxx>
Sent: Thursday, June 20, 2002 1:31 PM
Subject: Re: LVS-NAT + 2.4 iptables firewalling
>
> > Can I combine the director of a LVS-NAT setup with an iptables-based
> > natting firewall?
>
> Yes, you are probably just getting yourself locked out with your rules,
> which is pretty easy to do. I've started writing rules into my configure
> script but have not turned them on in the released version as I didn't
> finish the job before I had to turn to other things. Start off with a quiet
> machine, log all packets and then access one of the services. Write
> rules to accept the packets you want and keep logging the rest. Try
> another service... Deny all packets that you know aren't needed for your LVS.
>
> Joe
>
> --
> Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
> contractor to the National Environmental Supercomputer Center,
> mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
>
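The log-then-allow loop Joe describes (catch-all LOG rule, exercise one service, write ACCEPT rules for the flows you recognise, keep logging the rest) is easier to iterate when the kernel log is summarised per flow rather than read packet by packet. The following analyzer is an added example, not code from the thread or from the LVS project: it parses iptables LOG lines, groups them by chain, inbound interface, protocol and destination port, and emits ACCEPT rules only for the flows the operator has marked as wanted. The LOG prefixes (INPUT-LOG, FWD-LOG), interfaces and addresses in the sample are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample of iptables LOG output as it shows up in the kernel log.
# The prefixes assume rules such as:  iptables -A INPUT -j LOG --log-prefix "INPUT-LOG: "
# and                                  iptables -A FORWARD -j LOG --log-prefix "FWD-LOG: "
SAMPLE_LOG = """\
Jun 20 13:31:02 director kernel: INPUT-LOG: IN=eth0 OUT= SRC=10.1.1.50 DST=10.1.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 20 13:31:02 director kernel: INPUT-LOG: IN=eth0 OUT= SRC=10.1.1.51 DST=10.1.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=40002 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 20 13:31:05 director kernel: INPUT-LOG: IN=eth0 OUT= SRC=10.1.1.9 DST=10.1.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=TCP SPT=40003 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 20 13:31:07 director kernel: FWD-LOG: IN=eth0 OUT=eth1 SRC=10.1.1.50 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4 DF PROTO=TCP SPT=40004 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 20 13:31:09 director kernel: INPUT-LOG: IN=eth0 OUT= SRC=10.1.1.77 DST=10.1.1.1 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=5 DF PROTO=UDP SPT=5353 DPT=5353 LEN=58
Jun 20 13:31:10 director kernel: INPUT-LOG: IN=eth0 OUT= SRC=10.1.1.77 DST=10.1.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=6 PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
"""

# Map each LOG prefix back to the chain whose catch-all LOG rule produced it.
PREFIX_TO_CHAIN = {"INPUT-LOG": "INPUT", "FWD-LOG": "FORWARD"}
LINE_RE = re.compile(r"kernel: (?P<prefix>[A-Za-z-]+): (?P<fields>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")   # KEY=VALUE tokens; bare flags (DF, SYN) are skipped


def parse_log_line(line):
    """Extract chain, inbound interface, source, protocol and destination port from one LOG line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    chain = PREFIX_TO_CHAIN.get(m.group("prefix"))
    if chain is None:
        return None
    fields = dict(FIELD_RE.findall(m.group("fields")))
    proto = fields.get("PROTO", "").lower()
    # Only TCP and UDP carry a destination port worth matching on.
    dport = fields.get("DPT") if proto in ("tcp", "udp") else None
    return {"chain": chain, "in": fields.get("IN", ""), "src": fields.get("SRC", ""),
            "proto": proto, "dport": dport}


def summarize(log_text):
    """Group logged packets by (chain, in_iface, proto, dport) with a hit count and distinct sources."""
    flows = defaultdict(lambda: {"hits": 0, "sources": set()})
    for line in log_text.splitlines():
        pkt = parse_log_line(line)
        if pkt is None:
            continue
        key = (pkt["chain"], pkt["in"], pkt["proto"], pkt["dport"])
        flows[key]["hits"] += 1
        flows[key]["sources"].add(pkt["src"])
    return dict(flows)


def propose_rules(flows, wanted):
    """Return (accept_rules, still_logged).

    `wanted` is the set of (chain, proto, dport) the operator has decided the LVS needs.
    Rules use -I so they land ahead of the catch-all LOG rule; everything else stays logged.
    """
    accept, still_logged = [], []
    for (chain, iface, proto, dport), info in sorted(flows.items(),
                                                    key=lambda kv: tuple(str(x) for x in kv[0])):
        if (chain, proto, dport) in wanted:
            rule = f"iptables -I {chain} -i {iface} -p {proto}"
            if dport:
                rule += f" --dport {dport}"
            accept.append(rule + " -j ACCEPT")
        else:
            still_logged.append(f"{chain} in={iface} {proto} dport={dport or '-'} "
                                f"hits={info['hits']} sources={sorted(info['sources'])}")
    return accept, still_logged


if __name__ == "__main__":
    observed = summarize(SAMPLE_LOG)
    # Operator decision for this round: the virtual service on port 80 (both the
    # director's own INPUT and the FORWARD path to the realservers) plus ssh to the director.
    wanted = {("INPUT", "tcp", "80"), ("FORWARD", "tcp", "80"), ("INPUT", "tcp", "22")}
    rules, pending = propose_rules(observed, wanted)
    print("\n".join(rules))
    print("still logged, decide next round:")
    print("\n".join(pending))
```

Run it against a captured `/var/log/messages` or `dmesg` extract instead of SAMPLE_LOG once the catch-all LOG rules are in place; each round, move the flows you have confirmed into `wanted` and re-run until nothing unexpected remains logged, then turn the final LOG rule into a DROP.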