|
Horms wrote:
> > there;'s a solutions that apparently came originally from Julian
> >
> > http://marc.theaimsgroup.com/?l=linux-virtual-server&m=106020019020431&w=2
>
> That is pretty straight forward and basically the way fwmarks
> work if you are using them for more than one IP address, which
> was the reason they were origionally added to the LVS code.
^^^^
"they" == fwmarks?
> The route commands are needed because ipvs is called after routing takes
> place. I think that in the case of fwmarks it would be best to move the
> code to the prerouting stage to avoid the need for this. I.e. hook
> ip_vs_in into NF_IP_PRE_ROUTING instead of NF_IP_LOCAL_IN.
what will this get us? We won't need the route command? Are you
going to do it, or are you just thinking out loud?
> > http://marc.theaimsgroup.com/?l=linux-virtual-server&m=106020171022117&w=2
> > (this is the one I don't understand, why are the packets being accepted
> > locally?)
>
> The packets are delivered locally because of the "local" in
>
> ip route add local 0/0 dev lo table 100
>
> Again, this isn't really the way it was supposed to work AFAIR.
if/since this works, why do we need transparent proxy (if we ever did)?
Can I put this in the HOWTO as a generalised way of accepting packets
on the director when using fwmark with LVS.
> > http://marc.theaimsgroup.com/?l=linux-virtual-server&m=106020384024935&w=2
> >
> > http://marc.theaimsgroup.com/?l=linux-virtual-server&m=106025816703369&w=2
> >
> > http://marc.theaimsgroup.com/?l=linux-virtual-server&m=106027054519969&w=2
> I don't follow what there is to understand. Those three
> meesages refer to specifics of what Matthew Crocker is
> doing with his network with snort.
sorry, I guess I once I got started, I couldn't stop swiping with the mouse.
Joe
--
Joseph Mack PhD, High Performance Computing & Scientific Visualization
SAIC, Supporting the EPA Research Triangle Park, NC 919-541-0007
Federal Contact - John B. Smith 919-541-1087 - smith.johnb@xxxxxxx
|
