LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: LVS-NAT + 2.4 iptables firewalling

To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: LVS-NAT + 2.4 iptables firewalling
From: "Ben" <bench@xxxxxxxxxx>
Date: Thu, 20 Jun 2002 15:32:00 -0700
Don't bother - it's already in the HOWTO. (Which, BTW, was one of the things
that made the HOWTO hard to read - it had a lot of duplicated info stated in
slightly different ways by many different people.)

The link you mention seems to imply that the lvs code hooks in somewhere
around filterINPUT for packets coming into the LVS and somewhere around
filterFORWARD for packets leaving the LVS. I think. Do  you agree?

----- Original Message -----
From: "Joseph Mack" <mack.joseph@xxxxxxx>
To: "Ben" <bench@xxxxxxxxxx>
Cc: "Joseph Mack" <mack.joseph@xxxxxxxxxxxxxxx>;
<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Sent: Thursday, June 20, 2002 2:28 PM
Subject: Re: LVS-NAT + 2.4 iptables firewalling


> Ben wrote:
> >
> > Perhaps it would help if somebody could show me where LVS hooks into
these
> > iptables flow paths:
>
>
> >
(http://marc.theaimsgroup.com/?l=linux-virtual-server&m=98296653726641&w=2),
>
> ah, that's a good one. I'll put it in the HOWTO.
>
> > but that doesn't really help me much and I don't know how up to date it
is.
>
> netfilter won't be changing in 2.4.x. This is still upto date.
>
> > from the little I understood it
> > seemed to imply that LVS didn't play too well with iptables.
>
> Yes, but you can work around/with it. I don't exactly know where LVS
> hooks the packets either. Some people here do, but I don't.
>
> Here's a posting from when I was doing the same thing
>
> http://marc.theaimsgroup.com/?l=linux-virtual-server&m=99546222705316&w=2
>
> Joe
> --
> Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
> contractor to the National Environmental Supercomputer Center,
> mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>



<Prev in Thread] Current Thread [Next in Thread>