Re: [lvs-users] IPVSADM/IPTables question

To: " users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] IPVSADM/IPTables question
From: "Gary W. Smith" <gary@xxxxxxxxxxxxxxx>
Date: Wed, 12 Sep 2007 10:38:14 -0700
> > IP's into a second box, behind the wall, running ipvsadm.
> I assume you mean the box is a director.

Yes, my terminology is less than normal today,

> > if it is and if so, what I should expect.
> sometimes it works OK and sometimes it doesn't.

So is this something you would recommend we explore, or just go back to
using a dual server system?  When it does work, does it work reliably or
does it sometimes fail?

> > * Firewall would be on eth0
> > * Firewall would also have aliases for,, and
> eth0
> use secondary IPs not aliases.

Sorry, again terminology, but then again, let me ask the question.  We
add additiona IP's in to /etc/sysconfig/network-scripts/ifcfg-eth:<id>.
Is that considered secondary or alias?

Or should we be using ip addr add?

> > iptables would have this:
> >
> > -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
> accept nic:VIP:port, all else reject

We reject everything to begin with.  I was wanted to make sure I was on
the right track.  I still assume that I want to use IN and not FORWARD
(at least at this point) as the traffic is technically coming into the

BTW, thanks for the quick response.


<Prev in Thread] Current Thread [Next in Thread>