> >
>
> > |__________| eth1 10.77.77.250
> > | forwarding is enabled
> > (switch) ipchains -P forward DENY
> > | ipchains -A forward -s 10.77.77.0/24 -j MASQ
> > ----------------------------------
>
> You should not set up an LVS with ipchains rules.
> You can add them afterwards to filter packets but
> not till after you have the LVS working.
Since my last post, I am able to get services running, BUT I found a
problem which you may/may not know about.
Everything has been working fine, until I restarted the rules, and added
in another machine.
As it turns out I have stale masq entries.
IP masquerading entries
prot expire source destination ports
TCP 6416:49.08 10.77.77.4 CIP 80 (61159) -> 30944
TCP 6610:33.65 10.77.77.2 CIP 80 (61190) -> 2270
So I removed these machines from the config, and restarted LVS and all is
working now with RIP 10.77.77.1 and RIP 10.77.77.3.
A portscan from my workstation (203.x.x.9) confirms that the service is
accepting connections, and no longer being filtered.
When I try and bring them back in, it turns the local network state into
"filtered" when I try and access, say, from my PC on the same network as the
DIP.
Confirmation on this is once again done with a portscan from my
workstation (203.x.x.9) and confirms the service is now filtered.
But all works well from outside of the network. So I don't get why this
is.
>
> http://www.linux-vs.org/Joseph.Mack/mini-HOWTO/LVS-mini-HOWTO.html#filter_rules
>
I have done this, and it works without any rules/masq applied. But the
issue that I see is what I said above.
Got any solutions for this?
Ian
> Joe
>