Hi Klavs,
I am using the patch with a 2.6.9 kernel with IPVS 1.2.0. On that page I
can see patches for kernels up to 2.4.28 and 2.6.9 so I don't think it
will be an issue for you.
As for your other questions, I am not the patch maintainer :) (I just
found it with a search) so I don't know why it isn't in the main source
tree.
Regards
Dean
On Thu, 2004-12-16 at 09:18 +0100, Klavs Klavsen wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Dean,
>
> Thank you very much for that link - it looks very interesting.
>
> I'm concerned though, that the versions (both LVS and Kernel) are quite
> old - is the patch updated to work with the latest of both?
>
> Also - This patch enables a feature, which can be enabled/disabled at
> will - so why is it not in the main LVS source code?
>
> The reason I'm asking this, is ofcourse that I run LVS for
> high-availability :)
>
> on 16-12-2004 02:42 Dean Holland wrote:
> | We are using the patch from the following URL:
> |
> | http://www.ssi.bg/~ja/nfct/
> |
> | which adds the netfilter conntrack entries for LVS-NAT or LVS-DR with
> | the director as the gateway (which is the setup I run here).
> |
> |
> | On Wed, 2004-12-15 at 19:52 +0000, Malcolm Turnbull wrote:
> |
> |>I think LVS uses the INPUT and OUTPUT chain rather than FORWARD
> |>which is why its not recommended to be used as a firewall as well.
> |>
> |>I could be wrong as usual.....
> |>
> |>Regards,
> |>
> |>Malcolm Turnbull.
> |>
> |>Loadbalancer.org Limited
> |>+44 (0)7715 770523
> |>http://www.loadbalancer.org/
> |>
> |>
> |> " When a single point of failure is not an option"
> |>
> |>Why not try our online demonstration
> |><http://www.loadbalancer.org/demo.html> ? Or get answers to common
> |>questions <http://www.loadbalancer.org/fud.html> ?
> |>
> |>
> |>
> |>Klavs Klavsen wrote:
> |>
> |>
> | Hi guys,
> |
> | I am running LVS with NAT setup (kernel 2.4.27) and have noticed a
> | serious problem (with how it works with Netfilter) which I wanted to
> | know if really is a bug - or "feature"?
> |
> | What I've noticed, is that when I get requests to my virtual addresses -
> | it forwards these to the realservers - but appereantly the request is
> | NOT added to the Netfilter ESTABLISHED table - so the response from the
> | realserver is not allowed out - unless I specificly allow everything out
> | from the realservers service-ports (http and https in this case) :(
> |
> | Am I just mistaken, in thinking a connection established from the
> | outside should be added to the LVS (with the "by LVS" rewritten
> | address), so it will match an ESTABLISHED on the way out?
> |
> | Thank you in advance
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
> |>
> |>
> |>_______________________________________________
> |>LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> |>Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> |>or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>
> | _______________________________________________
> | LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> | Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> | or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>
> - --
> Regards,
> Klavs Klavsen, GSEC - kl@xxxxxxx - http://www.vsen.dk
> PGP: 7E063C62/2873 188C 968E 600D D8F8 B8DA 3D3A 0B79 7E06 3C62
>
> "Those who do not understand Unix are condemned to reinvent it, poorly."
> ~ --Henry Spencer
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.6 (GNU/Linux)
>
> iD8DBQFBwUTePToLeX4GPGIRAhr/AKCyqIEMEUeojCetC+4GI2+iPw7L7gCff8h4
> hSDhGImDZP0MglDxXIdNsv8=
> =GZHi
> -----END PGP SIGNATURE-----
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
|