On Thu, Jul 25, 2002 at 09:06:35AM +0700, Le Van Thanh wrote:
> In the article "ARP problem with LVS/DR and LVS/TUN", the writer tells me a
> way to solve the arp problem by using iptables by using the following command:
>
> iptables -t nat -A PREROUTING -p tcp -d <VIP> --dport <vport> -j REDIRECT
> --to-port <vport>
>
> Can anyone please tell me what this command does and how I use it?
When a packet is received for the IP address <VIP> on port <vport>
then it will be directed to the port <vport> on the local host.
This is a method of having packets processed locally by a host
even if they are not addressed to an IP address on the host.

However, I do not believe that this approach will work on a 2.4 kernel
as the reply packets will be sent with the source IP address of
the interface that they were sent from. This will not match
the VIP and will almost certainly cause the end-user's machine
to reject the reply packets. See:
http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO-15.html#ss15.4
> I tried to setup an alias interface in a real computer (running http service)
> with vip=10.70.75.4
I don't think that you need an alias if you are using iptables
as you describe.
> and then I typed the command
>
> iptables -t nat -A PREROUTING -p tcp -d 10.70.75.4 --dport 80 -j REDIRECT
> --to-port 80
>
> But it failed (I could browse the web pages through this alias interface).
Could you please give some indication of what errors you are seeing?
I suspect that you are missing the ipt_REDIRECT module in your kernel.
Perhaps the following command will help:
modprobe ipt_REDIRECT
--
Horms
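
An added example, not part of the original message: a shell triage of the two things questioned above, namely whether the nat PREROUTING REDIRECT rule for the VIP and port is present and whether the REDIRECT target module is listed. The function names and the sample `iptables-save` and `/proc/modules` text are constructed for illustration; `xt_REDIRECT` is assumed as the module name on later kernels.

```shell
#!/bin/sh
# Sample data is constructed, not captured from the poster's host.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 10.70.75.4/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 80
COMMIT'

SAMPLE_MODULES='ipt_REDIRECT 1084 1 - Live 0x00000000
ip_tables 11936 3 iptable_nat, Live 0x00000000'

# has_redirect_rule VIP PORT: reads iptables-save output on stdin and
# succeeds if nat/PREROUTING redirects tcp traffic for VIP:PORT.
has_redirect_rule() {
    vip=$1 port=$2
    awk -v vip="$vip" -v port="$port" '
        /^\*/ { table = substr($0, 2) }          # "*nat" starts the nat table
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            d = ""; dp = ""; j = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-d") d = $(i+1)
                if ($i == "--dport") dp = $(i+1)
                if ($i == "-j") j = $(i+1)
            }
            sub(/\/32$/, "", d)                  # host mask printed by iptables-save
            if (d == vip && dp == port && j == "REDIRECT") found = 1
        }
        END { exit found ? 0 : 1 }'
}

# has_redirect_module: reads /proc/modules (or lsmod) text on stdin.
# A target compiled into the kernel is not listed, so absence is a hint only.
has_redirect_module() {
    awk '$1 == "ipt_REDIRECT" || $1 == "xt_REDIRECT" { found = 1 }
         END { exit found ? 0 : 1 }'
}

# diagnose VIP PORT RULES_TEXT MODULES_TEXT: prints a one-word verdict.
diagnose() {
    if ! printf '%s\n' "$4" | has_redirect_module; then
        echo "module-not-listed"
    elif ! printf '%s\n' "$3" | has_redirect_rule "$1" "$2"; then
        echo "rule-missing"
    else
        echo "ok"
    fi
}

diagnose 10.70.75.4 80 "$SAMPLE_RULES" "$SAMPLE_MODULES"
```

On a live host, pass `"$(iptables-save -t nat)"` and `"$(cat /proc/modules)"` as the third and fourth arguments instead of the samples.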