On Mon, Mar 28, 2005 at 09:42:56PM +1000, Con Tassios wrote:
> arptables -L -vn should indicate whether it is working. Check the values
> for pkts/bytes in the IN and OUT chain.
>
> On Mon, 28 Mar 2005, Kirk wrote:
>
> >On my web farm server (real server) I have this:
> >
> >Eth0 210.210.30.210
> >Eth1 10.0.0.1
> >Lo 127.0.0.1
> >Lo:0 210.210.30.200 # VIP
> >
> >I put in the arptables entries of:
> >arptables -A IN -d 210.210.30.200 -j DROP
> >arptables -A OUT -s 210.210.30.200 -j mangle --mangle-ip-s 210.210.30.210
> >
> >and then I look at the arp output with 'tcpdump -n -e arp' when hitting the
> >server with a request and one of the two web servers is responding with:
> >
> >0:30:48:80:b3:66 Broadcast arp 42: arp who-has 210.210.30.200 tell
> >210.210.30.210
> >0:d:bd:4a:3b:0 0:30:48:80:b3:66 arp 60: arp reply 210.210.30.200 is-at
> >0:d:bd:4a:3b:0
> >
> >Should this machine be responding to arp at all?
That looks like the real server (210.210.30.210) asking for the
mac of the VIP (210.210.30.200), which should be ok.
Which machine is 0:30:48:80:b3:66 and which is 0:d:bd:4a:3b:0 ?
--
Horms
|