> On Mon, 6 Mar 2006, Oliver Weichhold wrote:
>
>>
>> I would like to run this in Direct Mode with the Director also being the
>> gateway and firewall for the real servers.
>
> look for Julian's forward-shared patch (in the HOWTO) for
> LVS-DR
I think you mean http://www.ssi.bg/~ja/forward_shared-2.6.12-2.diff. Going
to try that.
By the way when I issue the following command on the director:
<snip>
ifconfig eth1:0 192.168.231.10 netmask 255.255.255.0 broadcast 192.168.231.255 up
iptables -t nat -A PREROUTING --dst 192.168.230.33 -p tcp --dport 80 -j DNAT --to-destination 192.168.231.10
iptables -t nat -A POSTROUTING -p tcp --dst 192.168.231.10 --dport 80 -j SNAT --to-source 192.168.230.33
iptables -t nat -A OUTPUT --dst 192.168.230.33 -p tcp --dport 80 -j DNAT --to-destination 192.168.231.10
ipvsadm -A -t 192.168.231.10:http -s rr
ipvsadm -a -t 192.168.231.10:http -r 192.168.231.2:http -g -w 1
</snip>
and run "ipvsadm -L --stats" I can see that inbound packets were processed
for VIP 192.168.231.10 but there was never a reply. Is this caused by the
absence of the patch you've mentioned?
Furthermore, I've realized that I'm going to be limited to one gateway for
the foreseeable future so I have to NAT anyway. Either through ipvs or
through iptables. Does it matter who performs the NAT or am I completely
wrong?
>
> Joe
>
> --
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
>
--
Oliver Weichhold
Development & Security Consultant
http://www.weichhold.com