Hi,
> director: 203.159.0.100
> realserver: 203.159.0.10 (used for squid cache)
> realserver: 203.159.0.14 (used for squid cache)
> director# ipvsadm -n -L
> IP Virtual Server version 1.0.6 (size=4096)
> Prot LocalAddress:Port Scheduler Flags
>   -> RemoteAddress:Port          Forward Weight ActiveConn InActConn
> FWM  1 wlc persistent 320
>   -> proxy02.ait.ac.th:80        Route   8      65         53
>   -> proxy01.ait.ac.th:80        Route   12     99         91
Hmm, you specified -n and still ipvsadm shows names??
> No problem at all. But I need to upgrade the distribution in director to
> block Nimda/DoS by implementing iptables using iplimits (limit simultaneous
> connections from the source IP).
What makes you think that your plan would help defeating/fighting the problem
you're experiencing?
> 1. Do I also need to upgrade real servers into kernel 2.4.xx and need
> iptables instead of ipchains?
No.
> ipchains -A input -s 0/0 -d 203.159.0.100/255.255.255.255 -j ACCEPT
iptables -t filter -A INPUT -s 0/0 -d 203.159.0.100/32 -j ACCEPT
> ipchains -A input -s 0/0 -d 127.0.0.1/255.255.255.255 -j ACCEPT
> ipchains -A input -s 0/0 -d 0/0 80 -p tcp -j REDIRECT 80 -m 1
Why do you need those two rules? What exactly are you trying to do here? I think
you would like to fwmark the VIP but what for? But why the redirect?
> What would be the equivalent syntax of last ipchains rule? Or any other
> rules need to be applied for kernel 2.4.XX?
The LVS Documentation should provide you with enough information.
Best regards,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc