I think LVS uses the INPUT and OUTPUT chain rather than FORWARD
which is why its not recommended to be used as a firewall as well.
I could be wrong as usual.....
Regards,
Malcolm Turnbull.
Loadbalancer.org Limited
+44 (0)7715 770523
http://www.loadbalancer.org/
" When a single point of failure is not an option"
Why not try our online demonstration
<http://www.loadbalancer.org/demo.html> ? Or get answers to common
questions <http://www.loadbalancer.org/fud.html> ?
Klavs Klavsen wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi guys,
I am running LVS with NAT setup (kernel 2.4.27) and have noticed a
serious problem (with how it works with Netfilter) which I wanted to
know if really is a bug - or "feature"?
What I've noticed, is that when I get requests to my virtual addresses -
it forwards these to the realservers - but appereantly the request is
NOT added to the Netfilter ESTABLISHED table - so the response from the
realserver is not allowed out - unless I specificly allow everything out
from the realservers service-ports (http and https in this case) :(
Am I just mistaken, in thinking a connection established from the
outside should be added to the LVS (with the "by LVS" rewritten
address), so it will match an ESTABLISHED on the way out?
Thank you in advance
- --
Regards,
Klavs Klavsen, GSEC - kl@xxxxxxx - http://www.vsen.dk
PGP: 7E063C62/2873 188C 968E 600D D8F8 B8DA 3D3A 0B79 7E06 3C62
"Those who do not understand Unix are condemned to reinvent it, poorly."
~ --Henry Spencer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFBwIH+PToLeX4GPGIRAjtYAJ4tNWAAsIwu4wyVeG9NlcDOfchhSACfYNa8
bTyBIwyrVWB4/BGhDx5HbWo=
=Hk8k
-----END PGP SIGNATURE-----
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
|