We currently run Ipchains on our LVS-TUN servers so I (myself) believe that
there shouldn't be a problem.

Again I would guess that the process is: Interface -> Kernel(IPChain IN) ->
IPVS(kernel) -> Kernel(IPChain OUT) -> Interface, anyone like to correct me?

Laurie.

-----Original Message-----
From: Rutger van Oosten [mailto:R.vanOosten@xxxxxxxxxxx]
Sent: 21 October 2002 11:05
To: 'lvs-users@xxxxxxxxxxxxxxxxxxxxxx'
Subject: Using both IP-VS and IPTables.

Dear lvs gurus,

I have a working linux virtual server (redhat 7.3, patched kernel 2.4.18
from kernel.org, ipvs 1.0.6 compiled as modules) that does load balancing
(LVS_NAT) to two web and ftp servers. I'm currently looking at closing up
some open ports on the lvs machine and would like to use an iptables based
firewall for that. I have a couple of questions that other people might
have wrestled with and maybe have resolved:

- Does an incoming packet get processed by the ip-vs system first or by the
iptable rules? If I drop packets to all ports in the iptables setup - do I
need to explicitly open the ports used for the lvs? Will I break anything by
adding iptable rules?

- Has anyone else used an iptables configuration script/gui to add
firewalling to their director successfully? All I really need is to close
all ports except for the load balanced ones, and to do some static forwards
(not via the lvs system).

Thanks,
Rutger

_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users