LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

RE: fwmarks usage

To: "'LinuxVirtualServer.org users mailing list.'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: fwmarks usage
From: Matthias Krauss <MKrauss@xxxxxxxxxxxxxx>
Date: Tue, 30 Dec 2003 15:17:43 +0100

>Matthias:
>> for aol traffic i'm doing this:
>> 
>>  #http://webmaster.info.aol.com/proxyinfo.html
>>  #insert all hosts from above, sample:
>> 
>>  AOLPROXY="64.12.96.0/19"
>> 
>>  for aolproxys in $AOLPROXY ; do
>>   iptables -t mangle -A PREROUTING -p tcp -s $aolproxys -d 
>> VirtualIP/32 --dport 80 -j MARK --set-mark 1  done
>> 
>>  ipvsadm -A -f 1 -s wrr -p 3600 -M 255.255.255.0
>>  ipvsadm -a -f 1 -r RealIP -g
>>  #=> All listed AOL traffic ois now going to 'RealIP'

>Oh. I think if it works for you it should work for me. Two questions :

>Is there an easy way to do it in keepalived.conf ? What is the meaning of
the -M option when you use -f.

>Finally, here are the IPs AOL told me they use for their clients :

>64.12.0.0 - 64.12.255.255
>152.163.0.0 - 152.163.255.255
>172.128.0.0 - 172.191.255.255 
>195.93.0.0 - 195.93.63.255
>195.93.64.0 - 195.93.127.255
>198.81.0.0 - 198.81.31.255
>202.67.64.0 - 202.67.95.255
>205.188.0.0 - 205.188.255.255

>I'll try to find my way with it, many thanks for your help,

>François.

François,
this is the full list which i'm using, there is no guaranty that they are
all valid, i've spend some
time and analysed the aol incomming traffic and this was the result:

AOLPROXY="64.12.96.0/19 152.163.188.0/21 152.163.189.0/21 152.163.194.0/21
152.163.195.0/21 152.163.197 152.163.201.0/21 \
152.163.204.0/21 152.163.205.0/21 152.163.206.0/21 152.163.207.0/21
152.163.213.0/21 152.163.240.0/21 \
152.163.248.0/22  152.163.252.0/23 195.93.32.0/22 195.93.48.0/22
195.93.64.0/19  198.81.0.0/22 198.81.8.0/23 \
198.81.16.0/21 198.81.26.0/23 202.67.64.0/21 205.188.178.0/21
205.188.192.0/21 205.188.193.0/21 205.188.195.0/21 \
205.188.196.0/21 205.188.197.0/21 205.188.198.0/21 205.188.199.0/21
205.188.200.0/21 205.188.201.0/21 \
205.188.208.0/21 205.188.209.0/21"

-f stands for the FWMARK which you're using, in our sample -f 1 while -M is
the netmask.


Good luck

Matthias



<Prev in Thread] Current Thread [Next in Thread>