|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Joseph Mack NA3T wrote:
> Hi Ludo,
>
> How do you run ipvsadm to set this up? The packets return from
> internetland through the director too?
>
> Thanks Joe
>
The director is my gateway router, having two seperate internet
connections. Any return traffic will pass the director. (side note:
on this router you'll need to switch off reverse path filter)
The setup with the patched ipvsadm:
#iptables -A FORWARD -t mangle -s <internal_lan> -d 0.0.0.0/0 -j MARK
- --set-mark 1
#ipvsadm -A -f 1
#ipvsadm -a -f 1 -j -r <gateway1>
#ipvsadm -a -f 1 -j -r <gateway2>
And because of the reinjection you can normally SNAT/MASQ traffic:
#iptables -A POSTROUTING -t nat -o <dev1> -m mark --mark 1 -j SNAT
- --to-source <localaddr-dev1>
#iptables -A POSTROUTING -t nat -o <dev2> -m mark --mark 1 -j SNAT
- --to-source <localaddr-dev2>
Greetings,
Ludo.
- --
Ludo Stellingwerff
V&S B.V. The Netherlands
ProTactive firewall solution.
Tel: +31 172 416116
Fax: +31 172 416124
site: www.protactive.nl
demo: http://www.protactive.nl:81/netview.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFC6iVwOF3sCpZ+AJgRArr/AKC84ma2w1tGL13oEA8ehStPDKnGlwCcCuvF
dlQI0pVj/7t8+HlxQYKNi7M=
=IGQT
-----END PGP SIGNATURE-----
|
