Peter Mueller wrote:
>
> I can't think of many situations where you would have different rules than
> just a NAT type firewall box. Like Joe says, trial and error is good here.
The problem is that now that LVS is a netfilter module,
it was not possible to write it in the netfilter format,
and so there are collisions between LVS rules and netfilter
rules.
The specs for LVS never included it being a firewall as well.
That was just too hard.
http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO.filter_rules.html#firewall_on_director
However, while any arbitrary grouping of rules that would be OK
by netfilter may not be OK in the presence of LVS, you should
be able to get most of what you want.
Joe
--
Joseph Mack PhD, Senior Systems Engineer, SAIC contractor
to the National Environmental Supercomputer Center,
ph# 919-541-0007, RTP, NC, USA. mailto:mack.joseph@xxxxxxx