I want to run iptables and LVS on the same box. My LVS setup will be as follows
(NAT based):
              internet
                 |
                 |
                lvs
                 |
        +--------+---------+
        |                  |
   real server        real server
I want to establish iptables rules which will do the following:
1. Disallow all new connections from the outside to the lvs box except for
traffic destined for the VIP/ports I have defined in LVS.
2. Allow inbound/outbound traffic for established/related connections on the
LVS box.
So in a sense the lvs box is a "firewall" but only to protect itself.
I have read the LVS HOW-TO section 17.1 which talks about running LVS and
netfilter together on the same box. It mentions the ipvs_nfct module. Do I
need to do this for this situation? The HOW-TO is not very clear. It mentions
on one hand in section 17.1 that you need the nfct module but then at the end
of 17.1 it says: "You can (and always have been able to) use firewall rules
that match by device, proto, port or IP, without using ipvs netfilter
connection tracking module, ipvs_nfct." So my question is: when do you need
the module and when do you not need it?
Thanks,
Steve
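As an added example (not part of Steve's post and not from the LVS HOW-TO), the script below prints the iptables rule set that implements the two requirements in the post: drop new connections from the outside to the director itself except to the VIP/ports LVS serves, and accept established/related traffic in and out. The VIP 192.0.2.10, the outside interface eth0 and the ports 80/443 are assumed placeholders. The function only prints the commands so they can be reviewed before being piped to sh as root; the FORWARD chain is left at its default so the NAT'd real-server traffic is not affected.

```shell
#!/bin/sh
# Added example, not the original poster's rules. Assumed values:
# VIP 192.0.2.10, outside interface eth0, LVS service ports 80 and 443.
# Prints iptables commands instead of running them.

lvs_firewall_rules() {
    # usage: lvs_firewall_rules VIP IFACE "PORT PORT ..."
    [ $# -eq 3 ] || { echo "usage: lvs_firewall_rules VIP IFACE \"PORTS\"" >&2; return 1; }
    vip="$1"; iface="$2"; ports="$3"

    # Default: nothing new reaches the director itself.
    echo "iptables -P INPUT DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"

    # Requirement 2: established/related traffic is allowed in and out.
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # Requirement 1: new connections from the outside only to the VIP/ports
    # that LVS serves (matched by device, proto, port and IP).
    for p in $ports; do
        echo "iptables -A INPUT -i $iface -p tcp -d $vip --dport $p -m state --state NEW -j ACCEPT"
    done

    # Everything else new from the outside is logged, then dropped by policy.
    echo "iptables -A INPUT -i $iface -m state --state NEW -j LOG --log-prefix 'lvs-fw-drop: '"
}

# Print the rule set for review; pipe to sh as root to apply it.
lvs_firewall_rules 192.0.2.10 eth0 "80 443"
```

The VIP/port rule matches only by device, protocol, port and address, which is the kind of rule the HOW-TO quote in the post says works without ipvs_nfct; the ESTABLISHED,RELATED matches depend on netfilter connection tracking, which is exactly the part the post is asking about.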