Hello All,
I need your help regarding LVS.
My LVS is running on kernel 2.2.XX (Trustix 1.5):
Purpose: load balancing of squid proxy servers
director: 203.159.0.100
realserver: 203.159.0.10 (used for squid cache)
realserver: 203.159.0.14 (used for squid cache)
director#ipvsadm -n -L
IP Virtual Server version 1.0.6 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
FWM 1 wlc persistent 320
-> proxy02.ait.ac.th:80 Route 8 65 53
-> proxy01.ait.ac.th:80 Route 12 99 91
No problem at all. But I need to upgrade the distribution on the director to
block Nimda/DoS by implementing iptables using iplimits (limit simultaneous
connections from the source IP).
1. Do I also need to upgrade the real servers to kernel 2.4.xx and need
iptables instead of ipchains?
2. I have ipchains in director -
ipchains -A input -s 0/0 -d 127.0.0.1/255.255.255.255 -j ACCEPT
ipchains -A input -s 0/0 -d 203.159.0.100/255.255.255.255 -j ACCEPT
ipchains -A input -s 0/0 -d 0/0 80 -p tcp -j REDIRECT 80 -m 1
What would be the equivalent syntax for the last ipchains rule? Or do any other
rules need to be applied for kernel 2.4.XX?
Thank you.
------------
Faruk Ahmed
System & Network Administrator
ITServ, Asian Institute of Technology
Klong Luang, P.O. Box - 4
Pathumthani 12120, Thailand