|
Dear lvs gurus,
I have a working linux virtual server (redhat 7.3, patched kernel 2.4.18
from kernel.org, ipvs 1.0.6 compiled as modules) that does load balancing
(LVS_NAT) to two web and ftp servers. I'm currently looking at closing up
some open ports on the lvs machine and would like to use an iptables based
firewall for that. I have a couple of questions that other people might
have wrestled with and maybe have resolved:
- Does an incoming packet get processed by the ip-vs system first or by the
iptable rules? If I drop packets to all ports in the iptables setup - do I
need to explicitly open the ports used for the lvs? Will I break anything by
adding iptable rules?
- Has anyone else used a iptables configuration script/gui to add
firewalling to their director successfully? All I really need is to close
all ports except for the load balanced ones, and to do some static forwards
(not via the lvs system).
Thanks,
Rutger
BenQ. "Bringing Enjoyment 'N Quality to Life". Enjoyment Matters.
|
