Ok, I understand.
So something like:
iptables -A FORWARD -i eth0 -s 90.0.0.35/32 -j DROP
iptables -A INPUT -i eth0 -s 90.0.0.35/32 -j DROP
on the director should plug the hole on the external side?
-----Original Message-----
From: Julian Anastasov [mailto:ja@xxxxxx]
Sent: Monday, July 08, 2002 6:30 PM
To: Jeff
Cc: Joseph Mack; lvs-users@xxxxxxxxxxxxxxxxxxxxxx; Horms
Subject: RE: FW: LVS-Tun and Fwmarks
Hello,
On Mon, 8 Jul 2002, Jeff wrote:
> Hmmm. I don't understand.
>
> I still have Source Route Verification turned on on the Director. The VIP
> resides on the real servers only, on their respective tunl0 device. In
this
> setup, where is the spoof coming in?
Only if 90.0.0.30/24 is on eth1, not on eth0. Of course,
your setup in the first posting is ambiguous. I don't see the
IP and routing rules. I hope everything is going well. You can
check it with:
ip route get from 90.0.0.35 to 90.0.0.35 iif eth0
Regards
--
Julian Anastasov <ja@xxxxxx>
|