Horms wrote:
To summarise. The path for incoming packets is:
PREROUTING -> LOCAL_IN -> POSTROUTING
Thank you.
I have understood quite a bit more, since I have read the relevant
chapters in the LVS howto. My original complaint about insufficient
information about interplay between ipvs and iptables was wrong; the
information is there, it needs only some serious learning about
iptables to understand it.
One point remains a bit mysterious:
The 'iptables' documentation I have found most useful is Oscar
Andreasson's Iptables Tutorial 1.1.19.
It does not mention a chain called LOCAL_IN, whereas, like your message,
the LVS Howto and related docs refer to LOCAL_IN all the time.
Is LOCAL_IN the same as INPUT, or if not, what is it?
About outgoing ssh from the realservers: I do use it, as my experience
is that I spend quite a bit of time logged in there, to do maintenance
work, web application troubleshooting etc. To be able to use rsync (via
ssh) and scp from inside the cluster, to get stuff in and out, I use
outgoing connections quite a bit. This includes wget (http) and outgoing
https (for redhat's up2date feature).
Alois