> you instead just create a firewall rule saying "change the syn request
> destination IP address from VIP to my external IP so that the
> request goes
> to the VIP". Since the real server doesn't have an alias
^^^^^^^^^^^^
I meant to say "change the syn request destination IP from VIP to external
IP so that the server can answer requests for the VIP".
PS - the only rules you need on the LVS director box are something like:
"echo 1 > /proc/sys/net/ipv4/ip_forward".
# $IPTABLES, $EXT_INT and $VIP1 are assumed to be set earlier in the script
# allow HTTP/HTTPS traffic to vips
$IPTABLES -A INPUT -p tcp -j ACCEPT -i $EXT_INT -d $VIP1 --dport 80
$IPTABLES -A INPUT -p tcp -j ACCEPT -i $EXT_INT -d $VIP1 --dport 443
# icmp, vip 1 (each type rate-limited to 5 packets/second, inbound and outbound)
$IPTABLES -A INPUT -i $EXT_INT -p icmp -d $VIP1 --icmp-type echo-reply -m limit --limit 5/second -j ACCEPT
$IPTABLES -A INPUT -i $EXT_INT -p icmp -d $VIP1 --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
$IPTABLES -A INPUT -i $EXT_INT -p icmp -d $VIP1 --icmp-type destination-unreachable -m limit --limit 5/second -j ACCEPT
$IPTABLES -A INPUT -i $EXT_INT -p icmp -d $VIP1 --icmp-type source-quench -m limit --limit 5/second -j ACCEPT
$IPTABLES -A INPUT -i $EXT_INT -p icmp -d $VIP1 --icmp-type time-exceeded -m limit --limit 5/second -j ACCEPT
$IPTABLES -A INPUT -i $EXT_INT -p icmp -d $VIP1 --icmp-type parameter-problem -m limit --limit 5/second -j ACCEPT
$IPTABLES -A OUTPUT -o $EXT_INT -p icmp -s $VIP1 --icmp-type echo-reply -m limit --limit 5/second -j ACCEPT
$IPTABLES -A OUTPUT -o $EXT_INT -p icmp -s $VIP1 --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
$IPTABLES -A OUTPUT -o $EXT_INT -p icmp -s $VIP1 --icmp-type destination-unreachable -m limit --limit 5/second -j ACCEPT
$IPTABLES -A OUTPUT -o $EXT_INT -p icmp -s $VIP1 --icmp-type source-quench -m limit --limit 5/second -j ACCEPT
$IPTABLES -A OUTPUT -o $EXT_INT -p icmp -s $VIP1 --icmp-type time-exceeded -m limit --limit 5/second -j ACCEPT
$IPTABLES -A OUTPUT -o $EXT_INT -p icmp -s $VIP1 --icmp-type parameter-problem -m limit --limit 5/second -j ACCEPT
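As an added example (not code from the original post or from the LVS project): the director ruleset above rewritten as shell functions, so the twelve ICMP rules come from one loop and the whole set can be dry-run with IPTABLES=echo before it is applied, plus the real-server-side rule the correction at the top of the message describes (rewrite the destination of a SYN for the VIP to the server's own address). Assumed, and not in the original: the variable names EXT_INT/VIP1/RIP1 with placeholder TEST-NET addresses, the DNAT form of the real-server rule, and the function names.

```shell
#!/bin/sh
# Added example, not from the mailing-list post. All addresses are
# constructed placeholders (TEST-NET-1); adjust before use.
IPTABLES="${IPTABLES:-/sbin/iptables}"   # set IPTABLES=echo for a dry run
EXT_INT="${EXT_INT:-eth0}"               # assumed external interface name
VIP1="${VIP1:-192.0.2.10}"               # virtual IP clients connect to
RIP1="${RIP1:-192.0.2.21}"               # a real server's own address

# ICMP types the post permits for the VIP, in both directions.
ICMP_TYPES="echo-reply echo-request destination-unreachable source-quench time-exceeded parameter-problem"

# Director: only HTTP/HTTPS may reach the VIP from the external interface.
service_rules() {
    vip="$1"
    for port in 80 443; do
        $IPTABLES -A INPUT -i "$EXT_INT" -p tcp -d "$vip" --dport "$port" -j ACCEPT
    done
}

# Director: each listed ICMP type, rate-limited to 5/second, inbound and outbound.
icmp_rules() {
    vip="$1"
    for t in $ICMP_TYPES; do
        $IPTABLES -A INPUT  -i "$EXT_INT" -p icmp -d "$vip" --icmp-type "$t" \
            -m limit --limit 5/second -j ACCEPT
        $IPTABLES -A OUTPUT -o "$EXT_INT" -p icmp -s "$vip" --icmp-type "$t" \
            -m limit --limit 5/second -j ACCEPT
    done
}

# Director: forwarding switch from the post plus the per-VIP rules.
director_rules() {
    [ "$IPTABLES" = echo ] || echo 1 > /proc/sys/net/ipv4/ip_forward
    service_rules "$VIP1"
    icmp_rules "$VIP1"
}

# Real server: the correction in the post, expressed as a nat-table DNAT
# (assumed form): a SYN arriving for the VIP is rewritten to this host's
# own address, so no VIP alias is needed on the real server.
realserver_rules() {
    for port in 80 443; do
        $IPTABLES -t nat -A PREROUTING -i "$EXT_INT" -p tcp -d "$VIP1" \
            --dport "$port" -j DNAT --to-destination "$RIP1"
    done
}

# Dry-run helpers: print the rule lines a call would install and count them.
count_director_rules() {
    ( IPTABLES=echo; director_rules ) | grep -c -- '-A '
}
count_realserver_rules() {
    ( IPTABLES=echo; realserver_rules ) | grep -c -- '-A PREROUTING'
}

# Usage: ./lvs-rules.sh director | realserver   (run with IPTABLES=echo to preview)
case "${1:-}" in
    director)   director_rules ;;
    realserver) realserver_rules ;;
esac
```

The director side installs 2 TCP rules and 12 ICMP rules, exactly the set in the post; previewing with IPTABLES=echo shows the expanded commands without touching the live tables, which is a cheap way to review a ruleset change before it reaches a box that is in the forwarding path.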