 
On Fri, 29 Jul 2005, Ludo Stellingwerff wrote:
 
The setup with the patched ipvsadm:
 
patched instructions ;-)
#mark all packets from <internal_lan> to the internet
#iptables -A PREROUTING -t mangle -s <internal_lan> -d 0.0.0.0/0 -j MARK --set-mark 1
#setup virtual service for packets marked with fwmark 1
#ipvsadm -A -f 1
What is the -j about here? You don't have a -g (or whatever)
at the end of the line. Did you have to hack ipvsadm too?
Are the gateway addresses private or public? Are dev1/2
public or private addresses?
#ipvsadm -a -f 1 -j -r <gateway1>
#ipvsadm -a -f 1 -j -r <gateway2>
 
And because of the reinjection you can normally SNAT/MASQ traffic:
 
Not sure what's going on here. dev1/2 are the output devices on the
director and have private addresses? You're then NAT'ing these
private addresses to what? Presumably the address on the gateway?
 
Traffic from the internal network
 
#iptables -A POSTROUTING -t nat -o <dev1> -m mark --mark 1 -j SNAT --to-source <localaddr-dev1>
#iptables -A POSTROUTING -t nat -o <dev2> -m mark --mark 1 -j SNAT --to-source <localaddr-dev2>
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml 
Homepage http://www.austintek.com/ It's GNU/Linux! 