On Mon, 21 Oct 2002, Rutger van Oosten wrote:
> Dear lvs gurus,
>
> I have a working linux virtual server (redhat 7.3, patched kernel 2.4.18
> from kernel.org, ipvs 1.0.6 compiled as modules) that does load balancing
> (LVS_NAT) to two web and ftp servers. I'm currently looking at closing up
> some open ports on the lvs machine and would like to use an iptables based
> firewall for that. I have a couple of questions that other people might
> have wrestled with and maybe have resolved:
>
> - Does an incoming packet get processed by the ip-vs system first or by the
> iptable rules? If I drop packets to all ports in the iptables setup - do I
> need to explicitly open the ports used for the lvs? Will I break anything by
> adding iptable rules?

I believe the iptables rules are processed before LVS stuff.

>
> - Has anyone else used an iptables configuration script/gui to add
> firewalling to their director successfully? All I really need is to close
> all ports except for the load balanced ones, and to do some static forwards
> (not via the lvs system).

I'm using iptables on my directors to block access to the directors and to
also block access by spammers.

-Matt