On Thu 07 Apr 2005 22:57:54 BST, Casey Zacek <cz@xxxxxxxxxxxx> wrote:
> I did some code diving, and it turns out you and Graeme Fowler are
> probably both right. According to the code, source port is ignored
> for fwmark, port-specific, and wildcard-but-only-for-FTP virtual
> services.
I'm not entirely surprised that Horms was right. I am, however, amazed that I
happened to fluke myself into that position ;-)
> I'm not 100% sure this will entirely fix my customer's problem, but
> we'll see after the config reload tonight. I've changed his LVS
> config from a *:0 to a pair (*:80 and *:443). If this doesn't work,
> I'm going to try fwmark, but I'd rather not have two places to
> configure them (iptables and keepalived).
You could always manage this from keepalived - write a script to do your
iptables management, and have it run with appropriate options upon a
transition. I do something similar for my DNS cluster:
notify_master "/usr/local/bin/transitions MASTER"
notify_backup "/usr/local/bin/transitions BACKUP"
notify_fault "/usr/local/bin/transitions FAULT"
where /usr/local/bin/transitions parses a list of IP addresses and shuffles them
from loopback to ethernet interface appropriately (meaning I don't have to muck
about with arptables).
You could, I suspect, do something similar with iptables by making keepalived
set them up appropriately when transitioning to MASTER state at startup. OK,
it's cheating, but it'd probably work :)
Glad you got to the bottom of it!
Graeme
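As an added example of the approach Graeme describes above (this is not his actual /usr/local/bin/transitions script, and not part of the original thread): a notify script that keepalived runs with MASTER, BACKUP or FAULT as its argument, moves the VIPs between the loopback and the LAN interface, and on MASTER also installs the iptables MARK rules that an fwmark virtual service would match, so both halves of the fwmark setup Casey mentions live in one place. The VIP list (192.0.2.10/32, 192.0.2.11/32), the interface names eth0/lo, the mark value 1 and the 80/443 port pair are constructed assumptions; the planning step only prints commands, so it can be reviewed and tested without root.

```shell
#!/bin/sh
# Added example, not Graeme's real transitions script.
# Assumptions (constructed, not from the thread): VIPs sit on lo while
# BACKUP/FAULT and are moved to eth0 on MASTER; fwmark 1 tags ports 80/443.

VIPS="${VIPS:-192.0.2.10/32 192.0.2.11/32}"   # constructed sample VIPs
ETH_IF="${ETH_IF:-eth0}"
LO_IF="${LO_IF:-lo}"
FWMARK="${FWMARK:-1}"                          # mark the ipvs fwmark service matches
PORTS="${PORTS:-80,443}"

# plan_transition STATE
# Prints, one per line, the commands that realise the given keepalived state.
# Nothing is executed here. Returns 2 on an unknown state.
plan_transition() {
    state=$1
    for vip in $VIPS; do
        host=${vip%/*}            # strip the prefix length for the iptables match
        case "$state" in
            MASTER)
                echo "ip addr del $vip dev $LO_IF"
                echo "ip addr add $vip dev $ETH_IF"
                # Only traffic for the service ports gets the mark that the
                # fwmark virtual_server in keepalived will pick up.
                echo "iptables -t mangle -A PREROUTING -d $host -p tcp -m multiport --dports $PORTS -j MARK --set-mark $FWMARK"
                ;;
            BACKUP|FAULT)
                echo "iptables -t mangle -D PREROUTING -d $host -p tcp -m multiport --dports $PORTS -j MARK --set-mark $FWMARK"
                echo "ip addr del $vip dev $ETH_IF"
                echo "ip addr add $vip dev $LO_IF"
                ;;
            *)
                echo "transitions: unknown state '$state'" >&2
                return 2
                ;;
        esac
    done
}

# apply_transition STATE
# Runs the planned commands. A failing 'del' or '-D' means the address or
# rule was already absent, which keeps repeated notifies idempotent; any
# other failure is reported but does not abort the rest of the transition.
apply_transition() {
    plan_transition "$1" | while IFS= read -r cmd; do
        $cmd 2>/dev/null || case "$cmd" in
            *" del "*|*" -D "*) ;;                        # already gone: fine
            *) echo "transitions: failed: $cmd" >&2 ;;
        esac
    done
}

# keepalived invokes this as, e.g., notify_master "/usr/local/bin/transitions MASTER".
# With no argument (sourced for testing) only the functions are defined.
if [ "$#" -gt 0 ]; then
    apply_transition "$1"
fi
```

The matching keepalived side is assumed to be a `virtual_server fwmark 1` block with the real servers listed once, so the MARK rules above decide which ports the service covers and keepalived never needs per-port virtual_server entries. Because the script is the notify hook, the rules appear and disappear with the VRRP state, which is the "cheating" Graeme suggests.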