Joseph Mack PhD, High Performance Computing & Scientific Visualisation
LMIT, Supporting the EPA Research Triangle Park, NC 919-541-0007 Federal
Infrastructure Contact-Ravi Nair 919-541-5467 - nair.ravi@xxxxxxx
lvs-users-bounces+mack.joseph=epamail.epa.gov@xxxxxxxxxxxxxxxxxxxxxx
wrote on 03/23/2005 05:26:27 PM:
> My goals are:
>
> - The director should masquerade for real servers on the internal
> network (all network traffic, not just the service that
> LVS is managing)
ipvsadm/ipvs handle this for you.
> - The director should ONLY masquerade for internal clients - not
> something like "iptables -t nat -A POSTROUTING -j
> MASQUERADE", which
> will allow outside machines to masquerade as well.
to the above line add
-s realserver_network/netmask
or several lines of the type
-s realserver_IP
> - iptables should drop any new, incoming connection EXCEPT FOR the
> LVS-enabled service.
don't know exact syntax but it will be something like
.... -d $VIP:port accept
accept related, established
reject
Joe
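
The three points in the reply above, put together as one ruleset. This is an added example, not part of the original message: the function name, the sample addresses and the interface name are constructed, and it assumes an LVS-NAT director whose realservers route out through it.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for an LVS-NAT director.
# Usage (constructed values):
#   director_rules 203.0.113.10 80 192.168.1.0/24 eth0 | iptables-restore

# director_rules VIP PORT RS_NET EXT_IF
#   VIP     virtual IP that clients connect to
#   PORT    TCP port of the LVS-managed service
#   RS_NET  realserver network in CIDR form
#   EXT_IF  outside-facing interface of the director
director_rules() {
    if [ "$#" -ne 4 ]; then
        echo "usage: director_rules VIP PORT RS_NET EXT_IF" >&2
        return 2
    fi
    vip=$1 port=$2 rs_net=$3 ext_if=$4

    # Refuse a source match that covers every address: that is the
    # unrestricted "-j MASQUERADE" the thread wants to avoid.
    case $rs_net in
        */0|0.0.0.0*|'') echo "RS_NET must be the realserver network" >&2
                         return 2 ;;
    esac

    # nat: masquerade only packets sourced from the realserver network.
    # filter/INPUT: VIP traffic is delivered locally on the director, so the
    #   service is opened here; replies to existing flows pass; rest is rejected.
    # filter/FORWARD: only realserver-originated traffic and its replies.
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $rs_net -o $ext_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d $vip -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT
-A FORWARD -s $rs_net -o $ext_if -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
```

As written, the filter table also refuses SSH to the director, so add a rule for your management source before loading it.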