
RE: Using both IP-VS and IPTables.

To: "'lvs-users@xxxxxxxxxxxxxxxxxxxxxx'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Using both IP-VS and IPTables.
From: Rutger van Oosten <R.vanOosten@xxxxxxxxxxx>
Date: Mon, 21 Oct 2002 14:49:00 +0200

Thanks for all your replies :-) I'm setting up a test server now because I
don't want to meddle with the production system, so it'll be a little while
before I will report back my findings.

One other quick question: How would I get packets to go from iptables to
ipvs? Is there a special chain with a predefined name that I should call
from iptables? So something like the following for incoming http packets:

GOTOLVS     tcp  --  anywhere             myexternallvsaddress dpt:http

or just:

ACCEPT  tcp  --  anywhere             myexternallvsaddress dpt:http

Cheers,

Rutger

-----Original Message-----
From: Matthew S. Crocker [mailto:matthew@xxxxxxxxxxx]
Sent: Monday, 21 October 2002 13:25
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: Using both IP-VS and IPTables.


On Mon, 21 Oct 2002, Rutger van Oosten wrote:

> Dear lvs gurus,
> 
> I have a working linux virtual server (redhat 7.3, patched kernel 2.4.18
> from kernel.org, ipvs 1.0.6 compiled as modules) that does load balancing
> (LVS_NAT) to two web and ftp servers. I'm currently looking at closing up
> some open ports on the lvs machine and would like to use an iptables based
> firewall for that.  I have a couple of questions that other people might
> have wrestled with and maybe have resolved:
> 
> - Does an incoming packet get processed by the ip-vs system first or by the
> iptable rules? If I drop packets to all ports in the iptables setup - do I
> need to explicitly open the ports used for the lvs? Will I break anything by
> adding iptable rules?

I believe the iptables rules are processed before LVS stuff.

> 
> - Has anyone else used an iptables configuration script/gui to add
> firewalling to their director successfully? All I really need is to close
> all ports except for the load balanced ones, and to do some static forwards
> (not via the lvs system).

I'm using iptables on my directors to block access to the directors and to 
also block access by spammers. 

-Matt



