> Let's say you can figure out how to do this...
>
> The replies coming from the machine on the internet will have
> dst_addr=VIP.
> The director will see the packets and since they aren't part
> of an established
> connection, they will be dropped.

You can do this with policy-based routing in the 2.6 series of kernels.
On my Debian realservers I have this in the /etc/networks/interfaces
file:

    auto eth0 eth1
    iface eth0 inet dhcp
    iface eth1 inet static
        address 192.168.0.2
        netmask 255.255.255.0
        up ip route add 192.168.0.0 dev eth1 src 192.168.0.2 table lvs
        up ip route add default via 192.168.0.1 table lvs
        up ip rule add from 192.168.0.2 table lvs
        down ip rule delete from 192.168.0.2 table lvs
        down ip route delete 192.168.0.0 dev eth1 src 192.168.0.2 table lvs

And I have a table "lvs" in my iproute2/rt_tables file:

    #
    # reserved values
    #
    255 local
    254 main
    253 default
    0 unspec
    #
    # local
    #
    1 inr.ruhep
    80 lvs

It took me a long time and lots of googling to figure this out but it
works great.
--cro
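
Added example, not part of the original message: a small Python model of how the kernel walks the rule list and then the selected table, showing why packets sourced from 192.168.0.2 leave via 192.168.0.1 on eth1 instead of following eth0's DHCP default route. The main-table entries (10.0.0.0/24, gateway 10.0.0.1), the rule priorities and the client address are assumed values, and the local table is left out.

```python
import ipaddress

# Constructed routing state for the realserver. Table "lvs" mirrors the two
# "ip route add ... table lvs" commands in the post; "main" is assumed
# (what DHCP on eth0 plus the static eth1 address would typically install).
TABLES = {
    "lvs": [
        ("192.168.0.0/32", "eth1", None),        # no prefix length given => host route
        ("0.0.0.0/0", "eth1", "192.168.0.1"),
    ],
    "main": [
        ("10.0.0.0/24", "eth0", None),           # assumed DHCP subnet
        ("192.168.0.0/24", "eth1", None),
        ("0.0.0.0/0", "eth0", "10.0.0.1"),       # assumed DHCP default gateway
    ],
}

# (priority, "from" selector, table). Lower priority is consulted first.
# 32765 is what the kernel typically assigns to the first added rule.
RULES = [
    (32765, "192.168.0.2/32", "lvs"),            # ip rule add from 192.168.0.2 table lvs
    (32766, "0.0.0.0/0", "main"),
]


def route(src, dst, rules=RULES, tables=TABLES):
    """Return (table, device, gateway) chosen for a packet, or None."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(rules):
        if src_ip not in ipaddress.ip_network(selector):
            continue                              # rule does not apply to this source
        hits = [(ipaddress.ip_network(p), dev, gw)
                for p, dev, gw in tables.get(table, [])
                if dst_ip in ipaddress.ip_network(p)]
        if hits:                                  # longest prefix wins inside a table
            _net, dev, gw = max(hits, key=lambda h: h[0].prefixlen)
            return table, dev, gw
        # no match in this table: fall through to the next rule
    return None


if __name__ == "__main__":
    client = "203.0.113.7"                        # constructed internet client
    print(route("192.168.0.2", client))           # with the policy rule
    print(route("192.168.0.2", client, rules=RULES[1:]))  # without it
```

On a live realserver the same decision can be inspected with `ip rule show`, `ip route show table lvs` and `ip route get <client> from 192.168.0.2`.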