Thanks for your response Bill.
Just to clarify a few points. You need the iptables magic with your setup
because you're using LVS-DR, but the DIP's and RIP's are not on the same
subnet, so it's not as simple as rewriting the MAC and leaving putting the
packet on the wire?
If so, I'll get to work on upping my iptables foo.
Philip
Hi Philip
To clerify, in my setup the VIP, RIP and CIP are all on the same
subnet. When a packet comes in to the RIP, assuming the RIP is bound
to a Linux server, the OS will drop the packet if the DEST is not
equal to any IP address that are bound to any interfaces on the
server. There has to be configuration done on the real server in
order for the OS to accept that packet. This is one big difference
between a custom LVS solution vs using a Netscaler.
To do this, you need to use iptables to accept that traffic. See
section 17 on the LVS HOWTO
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.transparent_proxy.html
-Bill
|