I use LVS-NAT, and run rwhod on the director and all realservers.
rwhod works by sending UDP broadcasts to port 513 on all interfaces.
I use Red Hat Linux (RHEL 3.0).
I would like to restrict these UDP broadcasts to the internal interface
only, but rwho on Linux has no controls for such a restriction.
The broadcast packets on the external interface create some ICMP error
replies from other devices on the external interface, which then get
logged in the director's syslog, every 3 minutes:
kernel: 10.1.2.4 sent an invalid ICMP type 11, code 0 error to
broadcast: xxxx.255 on eth1
If I use iptables to prevent these broadcasts from going out on eth1, then
rwhod is unhappy and creates another syslog entry every 3 minutes:
rwhod[4124]: sendto(xxx.255): Operation not permitted
I see two solutions, but don't know how to implement either of them:
a) use iptables to filter those unwanted ICMP replies
I tried, but could not get the filter rules right.
b) use the network interface configuration to disable all broadcasts on
eth1. I don't know whether that is possible, whether it breaks some other
important functionality, or how it is done.
Please don't advise me to stop rwhod - I find it convenient to see the
status of the whole LVS cluster with 'ruptime'
Alois
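For option (a) in the post above, here is an added example (not code from the poster or the LVS project) that does two things on the director: it summarises the kernel's "invalid ICMP ... error to broadcast" syslog lines by source address, ICMP type and interface, so you can confirm before and after a change whether the noise is gone, and it prints the iptables rule that drops inbound ICMP time-exceeded (type 11) on the external interface. The log excerpt, addresses (10.1.2.x, 192.0.2.255) and the interface name eth1 are constructed samples modelled on the post; the rule is printed rather than applied so it can be reviewed first.

```shell
#!/bin/sh
# Added example, not code from the original post. Two helpers for the director:
#   count_icmp_bcast_errors - summarise the kernel's "invalid ICMP ... error to
#                             broadcast" lines by source, ICMP type and interface.
#   icmp_filter_rules       - print (not apply) the iptables rule that drops
#                             inbound ICMP time-exceeded on the external
#                             interface before the kernel's ICMP handler logs it.
# The log lines, addresses and interface name below are constructed samples.

SAMPLE_LOG='Mar  1 10:00:01 director kernel: 10.1.2.4 sent an invalid ICMP type 11, code 0 error to broadcast: 192.0.2.255 on eth1
Mar  1 10:00:02 director rwhod[4124]: sendto(192.0.2.255): Operation not permitted
Mar  1 10:03:01 director kernel: 10.1.2.4 sent an invalid ICMP type 11, code 0 error to broadcast: 192.0.2.255 on eth1
Mar  1 10:03:01 director kernel: 10.1.2.9 sent an invalid ICMP type 3, code 3 error to broadcast: 192.0.2.255 on eth1'

# Usage: count_icmp_bcast_errors "$(cat /var/log/messages)"
# Output: one line per distinct "<source> <icmp-type> <interface> <count>".
count_icmp_bcast_errors() {
    printf '%s\n' "$1" |
    awk '/sent an invalid ICMP type [0-9]+, code [0-9]+ error to (a )?broadcast/ {
            # Locate the word "sent": the source address is the field before it,
            # the type number is five fields after it (with a trailing comma),
            # and the interface is the last field of the line.
            for (i = 1; i <= NF; i++) if ($i == "sent") break
            src = $(i - 1); type = $(i + 5); sub(/,$/, "", type); iface = $NF
            n[src " " type " " iface]++
         }
         END { for (k in n) print k, n[k] }' | sort
}

# Total number of type 11 (time exceeded) errors to a broadcast, any source.
count_type11() {
    count_icmp_bcast_errors "$1" | awk '$2 == 11 { s += $4 } END { print s + 0 }'
}

# Print the iptables rule for the external interface (default eth1). The
# INPUT hook runs before the kernel's ICMP receive handler, so a packet
# dropped here never produces the "invalid ICMP ... to broadcast" log line.
icmp_filter_rules() {
    ext_if=${1:-eth1}
    echo "iptables -A INPUT -i $ext_if -p icmp --icmp-type time-exceeded -j DROP"
}

# Stand-alone demonstration on the constructed log excerpt.
count_icmp_bcast_errors "$SAMPLE_LOG"
icmp_filter_rules eth1
```

The rule sits on INPUT, not OUTPUT: the "sendto(...): Operation not permitted" entry in the post appears because a packet dropped in the OUTPUT chain is reported back to rwhod's sendto() as EPERM, whereas rwhod never sees what happens to inbound ICMP. The caveat is that dropping every time-exceeded message arriving on eth1 also hides the legitimate TTL-expired replies that a traceroute run from the director over that interface depends on; the kernel only logs ICMP errors whose embedded packet was addressed to a broadcast, but plain iptables cannot match on that inner header, so a blanket drop on the external interface is the practical form.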