Joe:
Yes I have. And absent the inclusion of Ldirectord, the system
firewalls and load balances very well. It's when I add Ldirectord that
the INPUT chain traversal path gets weird. Specifically, I can match
the packet when doing logging, but when I try to accept it, using the
same matching fields, the packet appears to jump to the end of the
chain. It's the strangest thing. One thing I didn't mention in my
earlier email is that I have not patched the kernel to take advantage of
state matching in my firewall script. But, the articles you mention
don't seem to indicate that it's a requirement for doing
firewalling/load balancing/monitoring.
I really appreciate your feedback as I've been working on this night and
day for over a week, and I really want to use these technologies.
Many thanks.
Brian
On Mon, 23 Oct 2006, Brian Jenkins wrote:
Hi all:
I'm running lvs on my firewall and everything works well.
since you're running LVS-NAT, have you read
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-NAT.html#lvs_nat_problems
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.filter_rules.html
?
Joe