Thanks for the info. I'm going to try to set up a test environment tonight or
tomorrow and play around with it. I just didn't want to waste the time if it
was something that wouldn't work in the long run.
Gary
________________________________
From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx on behalf of Joseph Mack NA3T
Sent: Wed 9/12/2007 11:04 AM
To: LinuxVirtualServer.org users mailing list.
Subject: Re: [lvs-users] IPVSADM/IPTables question
On Wed, 12 Sep 2007, Gary W. Smith wrote:
>> sometimes it works OK and sometimes it doesn't.
>
> So is this something you would recommend we explore, or just go back to
> using a dual server system? When it does work, does it work reliably or
> does it sometimes fail?
the problem is collisions between iptables rules and what
ip_vs() does with the packets. It's written up in the HOWTO.
Just keep adding rules. If it works once, it will work
forever.
>> use secondary IPs not aliases.
>
> Sorry, again terminology, but then again, let me ask the question. We
> add additional IPs into /etc/sysconfig/network-scripts/ifcfg-eth:<id>.
> Is that considered secondary or alias?
I don't use any of these market enhanced versions of
ethernet configuring tools. I know other people are happy
with them.
> Or should we be using ip addr add?
whatever you get to work first.
> We reject everything to begin with. I wanted to make sure I was on
> the right track. I still assume that I want to use IN and not FORWARD
> (at least at this point) as the traffic is technically coming into the
> firewall.
IN (PREROUTING) is fine
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!