On Wed, 3 Dec 2008, Dan Brown wrote:
> The firewall rules for iptables are set up for the real servers on eth0 for
> both the LVS-DR server and the LVS-TUN server.
Does it work OK without the iptables rules?
> The tunl0 I originally gave an IP of 192.168.10.5 as it
> served no purpose by itself other than to exist
The tunl device usually has the VIP.
> If I block everything except traffic to the server from the
> director I still get traffic through to the remote server.
I have no idea what this means.
> eg. iptables -I INPUT -s ! lvsdirector -d ! lvscheckhost -p tcp --dport 80
> -i eth0 -j REJECT
>
> So how do I make the server at the end of the tunnel filter via iptables the
> traffic redirected from the LVS directors? Is a second set of rules
> required for the tunl0 interface and its aliases?
I suspect your posting is something like this:
"My LVS-Tun setup is working fine. I want to filter the
packets coming from the director to the realserver so that X
happens. I tried these following rules and X does not happen
but Y does happen as shown by test Z. What should I do?"
Is this correct? If so please fill in X, Y and Z.
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users