> I created a nice init script with my firewall rules just for
> ipvs. The problem I am having is if I SSH out from a real IP
> it always routes out the IPVS primary IP. I need to figure
> out how to route certain RIP's out specific VIP's.
We have our RIPs split up in subnets by what service they are for.
For example, the web hosting is on 192.168.97.x RIPs and the primary VIP for
this range is 216.x.x.1 so in order for the traffic coming out of the
webhost farm to be recognized as just that we have a rule:
-A POSTROUTING -s 192.168.97.0/255.255.255.0 -o eth0 -j SNAT --to-source
216.x.x.1(vip)
We have other subnets for other services on the internal network:
192.168.100.x, 192.168.101.x, ...
-A POSTROUTING -s 192.168.100.0/255.255.255.0 -o eth0 -j SNAT --to-source
x.x.x.x(Primary VIP for the service)
-A POSTROUTING -s 192.168.101.0/255.255.255.0 -o eth0 -j SNAT --to-source
x.x.x.x(Primary VIP for the service)
...
I'm no iptables guru, in fact one of the other admins here came up with
that, but I'm sure it's pretty easy to adapt this method to what you need.
Hope this helps!
-Billy
|