Peter Mueller wrote:
> On my real servers I have : $IPTABLES -t nat -A PREROUTING -p tcp -d
> $VIP1 --dport 80 -j REDIRECT --to-port 80. If I remember correctly "-j
> REDIRECT" is broken on stock kernels.
Broken only for LVS.
> Vendor kernels have an iptables patch that restores functionality.
Only RH that I've heard of. (It could be in all of them for all I know.)
> Actually I have just dug into google a bit on this issue. As it turns
> out iptables of 1.2.7a - or possibly earlier - appears to have restored
> this functionality. Here is the thread :
> http://lists.netfilter.org/pipermail/netfilter/2002-September/038303.html.
I found two postings in this thread. They were about the inability
of iptables-1.2.7a to parse a previously working set of arguments
(which included -j REDIRECT).
Neither was about the functionality of Horms Method (using transparent
proxy with LVS) that I could see.
> RE: director, why would you want transparent proxy to work there?
It was Horms' first use of transparent proxy for LVS. You can read how
it was used in the HOWTO.
Joe
--
Joseph Mack PhD, High Performance Computing & Scientific Visualization
LMIT, Supporting the EPA Research Triangle Park, NC 919-541-0007
Federal Contact - John B. Smith 919-541-1087 - smith.johnb@xxxxxxx