> So it looks like the arp problem?
Maybe. Here are firewall rules for ipchains and iptables that work for me.
You'll have to change port 80 to what you want.
# allow ip forwarding (required), turn off on private (eth0) for security.
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/eth0/forwarding
# rules for LVS to fix arp issues -- transparent proxy method (HORMS)
$IPCHAINS -A input -j REDIRECT 80 -d $VIP 80 -p tcp
or iptables
$IPTABLES -t nat -A PREROUTING -p tcp -d $VIP --dport 80 -j REDIRECT --to-port 80
What are you using right now to redirect traffic from the VIP to the
application? I think as long as you place these rules before any accept
statements you should be able to test it out without changing that around.
P