[lvs-users] Re : IPVS and IPTABLES firewall

To:	"LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	[lvs-users] Re : IPVS and IPTABLES firewall
Cc:	graeme@xxxxxxxxxxx
From:	w y <yaw55555@xxxxxxxx>
Date:	Tue, 14 Apr 2009 13:16:24 +0000 (GMT)

I don't know how you can tell it's working unless you have two realservers

Well , I have already tested installation with 2 real servers 
... Balancing algorithm  is not the issue I wanted to point out here...

You can't use stateful filtering as the director doesn't see the reply packets

Does it mean that I am completely wrong when I try to do "high level" 
firewalling (open or close some ports) ? 

I 'd like to set up a very simple rule : allow only port 80 connections on my 
director for the VIP. 
Real IP of this server should  allow more things.  

Need to patch the kernel ?

I 've read the HOWTO, but not sure of response, especially for recent kernels.  

Many thanks ,
Yann

________________________________
De : Joseph Mack NA3T <jmack@xxxxxxxx>
À : LinuxVirtualServer.org users mailing list. 
<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Cc : graeme@xxxxxxxxxxx
Envoyé le : Mardi, 14 Avril 2009, 14h39mn 15s
Objet : Re: [lvs-users] IPVS and IPTABLES firewall

On Tue, 14 Apr 2009, w y wrote:

> I have installed a basic http loadbalancing  that work perfectly :
> 
> Internet <-> LVS/VIP <-> RIP (1 machine)

I don't know how you can tell it's working unless you have two realservers

> But unfortunalty, when I run my "usual" firewall script to protect my 
> director server (ie some IPTABLES commands to only allow port 80), 
> loadbalancing is broken

only add rules that work.

You can't use stateful filtering as the director doesn't see the reply packets

>    Do you mean that we don't ne to patch the kernel ?

you can figure it out from the HOWTO. Sorry it's been so long since I wrote 
that stuff, and I don't use it myself, that I don't know the answer anymore

Joe

-- Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread]	Current Thread	[Next in Thread>
[lvs-users] LVS-NAT on firewall, Jonathan Baxter Re: [lvs-users] LVS-NAT on firewall, jason . faulkner Re: [lvs-users] LVS-NAT on firewall, Graeme Fowler Re: [lvs-users] LVS-NAT on firewall, Jonathan Baxter [lvs-users] IPVS and IPTABLES firewall, w y Re: [lvs-users] IPVS and IPTABLES firewall, Joseph Mack NA3T [lvs-users] Re : IPVS and IPTABLES firewall, w y <= Re: [lvs-users] Re : IPVS and IPTABLES firewall, Graeme Fowler [lvs-users] Re : Re : IPVS and IPTABLES firewall, w y Re: [lvs-users] Re : Re : IPVS and IPTABLES firewall, Siim Põder

Previous by Date:	Re: [lvs-users] IPVS and IPTABLES firewall, Joseph Mack NA3T
Next by Date:	[lvs-users] Constant chatter, lists@xxxxxxxxxxxx
Previous by Thread:	Re: [lvs-users] IPVS and IPTABLES firewall, Joseph Mack NA3T
Next by Thread:	Re: [lvs-users] Re : IPVS and IPTABLES firewall, Graeme Fowler
Indexes:	[Date] [Thread] [Top] [All Lists]