On Thursday 22 April 2004 14:37, Joseph Mack wrote:
> > tcp 0 0 127.0.0.1:22 0.0.0.0:* LISTEN
>
> for localnode, the service has to listen on the VIP (see the HOWTO and my
> earlier reply) otherwise when the service replies, the packets will be coming
> from localhost rather than VIP.
Thanks all. It works now using a rule like
-A -t 134.100.10.99:22 -s wlc
-a -t 132.100.10.99:22 -r 192.168.0.1 -m
-a -t 132.100.10.99:22 -r 192.168.0.2 -m
...
-a -t 132.100.10.99:22 -r 132.100.10.99
...
-a -t 132.100.10.99:22 -r 192.168.0.10 -m
while the ssh is listening on 132.100.10.99:22. Seemed redundant in a way,
but the only way to let the localnode participate. But I had to switch on SNAT
also to get all services to work properly from the realservers. Is that meant to
be so?
Micha.
--
-- Michael Daum
-- Natural Language Systems
-- Department of Informatics
---University of Hamburg
-- http://nats-www.informatik.uni-hamburg.de/~micha