|
On Wed, 12 Sep 2007, Gary W. Smith wrote:
>> sometimes it works OK and sometimes it doesn't.
>
> So is this something you would recommend we explore, or just go back to
> using a dual server system? When it does work, does it work reliably or
> does it sometimes fail?
the problem is collisions between iptables rules and what
ip_vs() does with the packets. It's written up in the HOWTO.
Just keep adding rules. If it works once, it will work
forever.
>> use secondary IPs not aliases.
>
> Sorry, again terminology, but then again, let me ask the question. We
> add additiona IP's in to /etc/sysconfig/network-scripts/ifcfg-eth:<id>.
> Is that considered secondary or alias?
I don't use any of these market enhanced versions of
ethernet configuring tools. I know other people are happy
with them.
> Or should we be using ip addr add?
whatever you get to work first.
> We reject everything to begin with. I was wanted to make sure I was on
> the right track. I still assume that I want to use IN and not FORWARD
> (at least at this point) as the traffic is technically coming into the
> firewall).
IN (PREROUTING) is fine
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
|
