Hello,
On Mon, 8 Jul 2002, Jeff wrote:
> Thanks to Julian and Joe, I've got the LVS-Tun working using the Director as
> the default gateway of the real servers.
I could not recommend this setting for your setup.
Now you allow spoofing (src=VIP) from the external side. Note
that the recommendation is to open the check only for the real
servers; even "internal" clients can cause problems for the
director if they can make the director accept packets with
src IP=VIP. Of course, if you care, you can solve this problem
with firewall rules.
> ip rule add prio 100 fwmark 1 table 100
> ip route add local 0/0 dev lo table 100
> Jeff
Regards
--
Julian Anastasov <ja@xxxxxx>