|
Horms wrote:
>
> I made the change - it is one line - and very briefly tested it.
> It seemed to work quite well. But it is a change that will most
> likely have side effects so it warrants further thought
> and investigation.
I see, we could have people suddenly falling all over themselves for
quite a while finding all the side effects.
> > if/since this works, why do we need transparent proxy (if we ever did)?
>
> Did we need it for fwmarks? If we did then the current behaviour
> is the same as it has always been.
http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO.routing_tricks.html
you needed to do something to identify each (V)IP can was covered by the fwmark
rules and arrange for those packets to be delivered locally. I thought it
was a kludge to write two sets of rules, one for ipvs and another
for local delivery. I thought you should be able to do something like saying
"deliver locally all packets with fwmark==1"
Joe
--
Joseph Mack PhD, High Performance Computing & Scientific Visualization
SAIC, Supporting the EPA Research Triangle Park, NC 919-541-0007
Federal Contact - John B. Smith 919-541-1087 - smith.johnb@xxxxxxx
|
