On Tue, 2006-12-12 at 12:55 -0500, Bill Omer wrote:
<snip>
> I am using the following on all of my reals to access traffic with a DST of
> VIP:
> iptables -t nat -A PREROUTING -d VIP -p tcp --dport 0:65535 -j REDIRECT
>
> Scenario (assuming wlc):
> A real boots but for some reason, the iptables are not applied. Now
> mon/keepalived sees the real is now responding again and re-adds the
> server back to the ipvsadm table. Since this real doesn't have any
> active connections, all new connections are routed to this real.
> Since the iptable rules did not run, now the service the client is
> trying to access is completely unavailable.
Add that command to the end of /etc/rc.d/rc.local, or
use /etc/sysconfig/iptables, or /etc/rc/rc.net (or whichever startup
scripts apply according to your OS).
Anything you tell iptables to do on the command line isn't in a saved
state, so is lost upon reboot. You need to tell your RS to run it at
startup.
[regardless of validity, if it WFY it works :) ]
Graeme
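An added example, not code from either poster, that turns the advice above into an idempotent startup check: it looks for the VIP REDIRECT rule in the nat table and adds it only when missing, and exposes the check so a real server can confirm the rule is loaded before it starts the service that answers the director's health check. The VIP address (documentation range), the function names and the init paths are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Keeps the REDIRECT rule for the VIP
# present on an LVS real server across reboots and makes it checkable.
# 192.0.2.10 is a documentation-range placeholder; set VIP to your address.
VIP="${VIP:-192.0.2.10}"

# Return 0 if an iptables-save style listing (one "-A ..." rule per line)
# already contains the PREROUTING REDIRECT rule for the VIP. The listing is
# passed in as text so the check can be exercised without root or iptables.
listing_has_redirect() {
    listing=$1
    vip_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    # iptables-save prints the rule as: -A PREROUTING -d VIP/32 -p tcp ... -j REDIRECT
    printf '%s\n' "$listing" |
        grep -Eq "^-A PREROUTING -d ${vip_re}(/32)? .*-j REDIRECT( |\$)"
}

# Live check against the running nat table (needs root).
vip_redirect_present() {
    listing_has_redirect "$(iptables-save -t nat 2>/dev/null)" "$VIP"
}

# Idempotent apply: safe to call from rc.local or an init script on every boot,
# and again right before starting the service the director probes, so a real
# that answers "healthy" is one that actually has the rule loaded.
ensure_vip_redirect() {
    vip_redirect_present && return 0
    iptables -t nat -A PREROUTING -d "$VIP" -p tcp --dport 0:65535 -j REDIRECT
}

# Example startup sequence (commented out so the file is safe to source):
# ensure_vip_redirect || { echo "VIP redirect rule missing; not starting" >&2; exit 1; }
# exec /etc/init.d/httpd start   # placeholder for the real service's init script
```

Run `ensure_vip_redirect` from the same startup script that launches the service, so a missing rule stops the service from coming up and being re-added by the director.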