|
On Thursday 10 April 2008 17:00:49 Jason Stubbs wrote:
> On Wednesday 09 April 2008 23:27:24 Joseph Mack NA3T wrote:
> > On Wed, 9 Apr 2008, Jason Stubbs wrote:
> > > The best I can come up with is to apply the patch from below and then
> > > run squid on the director. Is there a better way that I'm not seeing?
> >
> > this is as good as it gets. LVS wasn't designed to do this.
> > It would be nice to have, but we don't have it.
>
> Moving ip_vs_in to the end of POSTROUTING and moving ip_vs_out to the start
> of PREROUTING as in the attached patch seems to work and lets me do what I
> want. LVS-NAT and SNAT are working both independently and in conjunction to
> allow connections to VIPs from anywhere.
Well, SNAT works independently and LVS-NAT works in conjuction with SNAT but
LVS-NAT isn't working on its own. I'll look into this and try and fix it, but
the questions below still stand. :)
> I haven't tested LVS-DR, LVS-TUN or localnode (although I think localnode
> should still work) and am not so worried if they don't work. Are there any
> other issues likely to arise with this patch? Is there any reason why LVS
> didn't hook into (or near) those places in the first place?
>
> I understand that it'll likely never be accepted because it'd break pretty
> much every existing installation (VIP on an interface would not make it to
> IPVS)... I'm just wondering if there's any gotchas I might not be seeing
> before I decided to put it into production.
--
Jason Stubbs <j.stubbs@xxxxxxxxxxxxxxx>
LINKTHINK INC.
東京都渋谷区桜ヶ丘町22-14 N.E.S S棟 3F
TEL 03-5728-4772 FAX 03-5728-4773
|
