Hello,
I would like to know: Is it possible to run iptables firewall and ipvs
loadbalancer on the same machine?
This has been the subject of much discussion on this list and is covered
extensively in the HOWTO. How about you save your questions till after
you've read up on the matter.
I think that is why I did not get a clear answer.
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.filter_rules.html
Is this clear enough or does it raise more questions? We would like to
know so we can improve on the documentation.
I think it does not work, I was just looking for other ipvs users to
back up that answer.
Out of the box it does not work, correct. But patches exist to make it
work. You seem to have neglected to mention
a) your kernel version
b) your LVS forwarding method
both points have different outcomes in answering your question to its
full extent. 2 examples, randomly picked:
LVS-NAT with the nfct patch will work for 2.4.x and 2.6.x kernels
regarding filtering, iif you don't use fwmark
LVS-DR will most probably not work with 2.6.8 and above kernels
regarding filtering since the tcp window tracking patch has been merged
to the vanilla tree; however there is a relaxation sysctl that could
revert the strict TCP window and sequence number checking to the
loosely-knitted one (aka: non-existent) as previously found in vanilla
Linux kernels.
Regards,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc