Thanks for that excellent link. It explains a lot. Mostly it left me with
the impression that if I want to leave myself room to experiment with
multi-homing or other advanced routing, I probably should keep that off the
Director box. :)

For what it's worth, my issues disappeared once I removed these iptables nat
rules I had forgotten about:
iptables -t nat -A POSTROUTING -s 192.168.20.3 -o $EXTERNAL_INT -j SNAT --to 10.42.5.151
iptables -t nat -A POSTROUTING -d 192.168.20.3 -s 192.168.20.0/24 -o $INTERNAL_INT -j SNAT --to 192.168.20.254
iptables -t nat -A POSTROUTING -d 192.168.20.3 -o $INTERNAL_INT -j ACCEPT
iptables -t nat -A PREROUTING -d 10.42.5.151 -j DNAT --to 192.168.20.3
----- Original Message -----
From: "Julian Anastasov" <ja@xxxxxx>
To: "Ben" <bench@xxxxxxxxxx>
Cc: "Joseph Mack" <mack.joseph@xxxxxxx>; <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Sent: Thursday, June 20, 2002 6:08 PM
Subject: Re: LVS-NAT + 2.4 iptables firewalling
> Here is the final version (again very old). Nothing is
> changed in Netfilter and LVS, maybe NF added mangle to all hooks
> recently.
>
> http://www.linuxvirtualserver.org/~julian/LVS.txt
>
> Everything else is in the sources.
>
> > Hopefully it's somewhat out of date, because from the little I understood it
> > seemed to imply that LVS didn't play too well with iptables. Of course, that
> > was a year and a half ago....
>
> Nothing changed. It works for usual setups.
>
> Regards
>
> --
> Julian Anastasov <ja@xxxxxx>
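
One way to find forgotten nat-table rules like the four listed at the top of this message, as an added example that is not part of the original thread: it reads `iptables-save` text and lists every nat rule that names a given real server address, as candidates to review on an LVS-NAT director. The interface names eth0/eth1 and the sample dump are constructed; the addresses are the ones from the message.

```shell
#!/bin/sh
# Added example (not from the thread): list nat-table rules in iptables-save
# output that name an LVS-NAT real server address, so they can be reviewed.

# Usage: iptables-save | lvs_nat_rules_for 192.168.20.3
lvs_nat_rules_for() {
    awk -v rip="$1" '
        /^\*/ { table = substr($1, 2); next }    # "*nat", "*filter", ...
        table != "nat" || $1 != "-A" { next }    # only rules in the nat table
        {
            hit = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-s" || $i == "-d" || $i ~ /^--to/) {
                    val = $(i + 1)
                    sub(/\/32$/, "", val)        # host address written as CIDR
                    sub(/:[0-9-]+$/, "", val)    # optional :port on --to-*
                    if (val == rip) hit = 1
                }
            }
            if (hit) print
        }
    '
}

# Constructed sample: the four rules from the message as iptables-save would
# show them (eth0/eth1 are assumed interface names), plus two unrelated rules.
sample_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 10.42.5.151/32 -j DNAT --to-destination 192.168.20.3
-A POSTROUTING -s 192.168.20.3/32 -o eth0 -j SNAT --to-source 10.42.5.151
-A POSTROUTING -s 192.168.20.0/24 -d 192.168.20.3/32 -o eth1 -j SNAT --to-source 192.168.20.254
-A POSTROUTING -d 192.168.20.3/32 -o eth1 -j ACCEPT
-A POSTROUTING -s 192.168.20.7/32 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -d 192.168.20.3/32 -j ACCEPT
COMMIT
EOF
}

sample_dump | lvs_nat_rules_for 192.168.20.3
```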