 
Hi,
Dominik Klein wrote:
 
'ipvsadm -L -n' shows the following entry:
TCP  <public_ip>:80 wlc
-> 127.0.0.1:80                 Local   1      0          0     
Shouldn't this entry show "masq" on the line with "127.0.0.1" 
instead of "Local"?
 
No. Local is fine.
If the servers are up they are in the list with "-> 192.168.1.151 masq 
100 0 0". Do I need to set any iptables rules (masquerading) to be 
able to connect to the fallback server from the internet? 
 
Normally not. Do you have any other iptables rules on your director that 
may be blocking this?
 
The iptables rules allow access to any internal server, port 80 and 443.
Rules for the lo-device are all open:
$IPT -t filter -A INPUT -p all -i lo -j ACCEPT
$IPT -t filter -A OUTPUT -p all -o lo -j ACCEPT
$IPT -t nat -A POSTROUTING -o $WAN_IFACE -j MASQUERADE
I did not set up the firewall rules, so maybe I overlooked one rule. 
But a dropping firewall should throw away any SYN packets (drop), and 
while I'm receiving a "reset" it must be something else. 
The TCP packet arrives on the external interface but it is not 
redirected to the lo interface. Is this not a director task? 
Arnd