> > iptables -t nat -A PREROUTING -p tcp -d 10.1.57.100 --dport 80 -j REDIRECT --to-port 80
>
> mine looks like the same as yours :)
>
> # LVS black-magic (transparent proxy solution for solving ARP problem)
> # 11 = sidestep client, 13 = maps, 14 = images, 15 = www
> $IPTABLES -t nat -A PREROUTING -p tcp -d 64.211.248.11 --dport 80 -j REDIRECT --to-port 80
> $IPTABLES -t nat -A PREROUTING -p tcp -d 64.211.248.11 --dport 443 -j REDIRECT --to-port 443
On my directors I also have these rules:
# vip 1
$IPTABLES -A INPUT -i $EXT_INT -p icmp -d $VIP1 --icmp-type echo-reply -m limit --limit 5/second -j ACCEPT
$IPTABLES -A INPUT -i $EXT_INT -p icmp -d $VIP1 --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
$IPTABLES -A INPUT -i $EXT_INT -p icmp -d $VIP1 --icmp-type destination-unreachable -m limit --limit 5/second -j ACCEPT
$IPTABLES -A INPUT -i $EXT_INT -p icmp -d $VIP1 --icmp-type source-quench -m limit --limit 5/second -j ACCEPT
$IPTABLES -A INPUT -i $EXT_INT -p icmp -d $VIP1 --icmp-type time-exceeded -m limit --limit 5/second -j ACCEPT
$IPTABLES -A INPUT -i $EXT_INT -p icmp -d $VIP1 --icmp-type parameter-problem -m limit --limit 5/second -j ACCEPT
$IPTABLES -A OUTPUT -o $EXT_INT -p icmp -s $VIP1 --icmp-type echo-reply -m limit --limit 5/second -j ACCEPT
$IPTABLES -A OUTPUT -o $EXT_INT -p icmp -s $VIP1 --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
$IPTABLES -A OUTPUT -o $EXT_INT -p icmp -s $VIP1 --icmp-type destination-unreachable -m limit --limit 5/second -j ACCEPT
$IPTABLES -A OUTPUT -o $EXT_INT -p icmp -s $VIP1 --icmp-type source-quench -m limit --limit 5/second -j ACCEPT
$IPTABLES -A OUTPUT -o $EXT_INT -p icmp -s $VIP1 --icmp-type time-exceeded -m limit --limit 5/second -j ACCEPT
$IPTABLES -A OUTPUT -o $EXT_INT -p icmp -s $VIP1 --icmp-type parameter-problem -m limit --limit 5/second -j ACCEPT
Sorry for the double post, but I just love my ICMP rules ;).
P