On Tue, May 11, 2004 at 07:52:51AM -0400, Joseph Mack wrote:
> Joshua Goodall wrote:
> >
> > I want to set up the situation where the director is one of the clients.
>
> have you read this
>
> http://www.austintek.com/LVS/LVS-HOWTO/mini-HOWTO/LVS-mini-HOWTO.html#gotchas
I hadn't read it. I read it and wasn't convinced, so I tried this patch
(2.4.26):
diff -u -p -r1.1.1.1 ip_vs_core.c
--- ip_vs_core.c 19 Apr 2004 04:54:41 -0000 1.1.1.1
+++ ip_vs_core.c 11 May 2004 13:03:34 -0000
@@ -1036,7 +1036,7 @@ static unsigned int ip_vs_in(unsigned in
* Big tappo: only PACKET_HOST (nor loopback neither mcasts)
* ... don't know why 1st test DOES NOT include 2nd (?)
*/
- if (skb->pkt_type != PACKET_HOST || skb->dev == &loopback_dev) {
+ if (skb->pkt_type != PACKET_HOST) {
IP_VS_DBG(12, "packet type=%d proto=%d daddr=%d.%d.%d.%d
ignored\n",
skb->pkt_type,
iph->protocol,
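Review bot: The comment directly above the changed condition still reads "only PACKET_HOST (nor loopback neither mcasts)", but with the skb->dev == &loopback_dev test removed, packets received on the loopback device are no longer ignored at this point, so the comment should be updated in the same hunk. The test is also dropped unconditionally: every PACKET_HOST packet arriving on lo now continues past this check into the rest of ip_vs_in(), not only traffic that was deliberately marked and rerouted. Consider keeping the loopback exclusion as the default and making the new behaviour opt-in (for example behind a sysctl), and say in the patch description why accepting loopback input is safe for existing setups.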
then added
iptables -t mangle -A OUTPUT -p tcp -s 0/0 -d $VIP --dport $VIPP -j MARK --set-mark 2
to the existing
ip rule add prio 100 fwmark 2 table 100
ip route add local 0/0 dev lo table 100
and now my fwmark-based LVS-DR director does the job for clients and for
itself. To make LVS-NAT work, we'd also need to be able to choose the
masqueraded source address, which would be a much longer diff. I
didn't try LVS-Tun, but that would probably be workable like LVS-DR.
Regards
joshua.
--
Joshua Goodall <joshua@xxxxxxxxxxxxxxxxx>
Solutions Architect / Principal Security Architect
myinternet Limited.