Hi,
I have a Netfilter fw (2.6.11) with 4 networks attached: 3 public
networks and 1 NATed one.
I would like to set up a webfarm with lvs-nat and keepalived.
Only the TCP/80 port will be NATed; all the other ports/services will not
be NATed and thus will not be accessible.
I was wondering what the incompatibility between netfilter and lvs is.
Do I really need the antefacto patch?
What is the antefacto patch for? (What does not work without it?)
I have another question:
I would like to set up redundancy via vrrp (from keepalived).
What rules do I have to add to my ruleset?
What does vrrp need to pass through the network, and on which interface?
I found these rules on the internet:
run_iptables -A INPUT -s <ip of the fw:eth0> -i eth0 -p vrrp -j ACCEPT
run_iptables -A OUTPUT -d <ip of the fw:eth0> -o eth0 -p vrrp -j ACCEPT
run_iptables -D INPUT -s <ip of the fw:eth0> -i eth0 -p vrrp -j ACCEPT
run_iptables -D OUTPUT -d <ip of the fw:eth0> -o eth0 -p vrrp -j ACCEPT
Is it enough? (All traffic is prohibited by default on this fw.)
eth0 is the interface which is specified in the vrrp_instance section of
the keepalived.conf file.
Does vrrp work on VLAN on bonding?
Thanks for your help.
--
Maxime Kurkdjian - Consultant
13, rue Greneta 75003 Paris
tel: 01 44 78 63 66 - fax: 01 44 78 63 65
http://www.oxalide.com