Hello,
On Thu, 21 Jan 2010, Dennis J. wrote:
> Hm, I tried setting /proc/sys/net/ipv4/conf/*/rp_filter all both to 0 and
> to 1 but that had no effect.
> According to this link one cannot control this behaviour using rp_filter:
> http://www.ssi.bg/~ja/#lvsgw
>
> The forward_shared patch apparently changes this but I'm wondering why this
> hasn't been accepted into the mainline kernel yet after all these years.
> The patch seems to be simple enough. I'd really like to use the LVS-DR
> approach but I had hoped that either this or a similar patch had moved
> upstream by now so one could simply tell the kernel to accept these
> packets. Isn't this what the rp_filter flags are for after all?
It is too dangerous for rp_filter to control such
packets because by default rp_filter is OFF. But we should
not worry anymore because a more relaxed version of forward_shared
was accepted into the kernel:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8153a10c08f1312af563bb92532002e46d3f504a
It is from Patrick McHardy (ipv4: add sysctl to accept packets
with local source addresses) and adds the "accept_local" flag
in /proc/sys/net/ipv4/conf/... It uses OR logic:
all/accept_local || <dev>/accept_local
Of course, all/accept_local=1 is dangerous to use
for hosts visible from the world. So, <dev>/accept_local=1 is
enough to accept traffic from an internal device (with real
servers in the IPVS case).
Regards
--
Julian Anastasov <ja@xxxxxx>
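
The OR logic described in the message above (all/accept_local || <dev>/accept_local), as an added example that is not part of the original message or of the kernel patch: a shell audit that prints the effective accept_local value per device and warns when the flag is in effect on any device not listed as internal. The function names and the device names in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: audit accept_local under the OR rule
#   effective(dev) = all/accept_local || dev/accept_local
# ROOT is normally /proc/sys/net/ipv4/conf; any directory with the same
# layout works, which lets the audit run against a constructed tree.

# effective_accept_local ROOT DEV -> prints 1 or 0
effective_accept_local() {
    root=$1; dev=$2
    all=$(cat "$root/all/accept_local" 2>/dev/null || echo 0)
    own=$(cat "$root/$dev/accept_local" 2>/dev/null || echo 0)
    if [ "$all" = 1 ] || [ "$own" = 1 ]; then echo 1; else echo 0; fi
}

# audit_accept_local ROOT [INTERNAL_DEV...]
# Prints "<dev> effective=<0|1> <OK|WARN>" per device.
# Returns 1 if all/accept_local=1 or if the flag is in effect on a
# device that was not named as internal (facing the real servers).
audit_accept_local() {
    root=$1; shift
    internal=" $* "
    rc=0
    if [ "$(cat "$root/all/accept_local" 2>/dev/null)" = 1 ]; then
        echo "WARN all/accept_local=1 turns the flag on for every device"
        rc=1
    fi
    for path in "$root"/*/; do
        dev=$(basename "$path")
        case $dev in all|default) continue ;; esac
        # Kernels without the accept_local sysctl have no such file.
        [ -f "$path/accept_local" ] || continue
        eff=$(effective_accept_local "$root" "$dev")
        status=OK
        case $internal in
            *" $dev "*) ;;                      # expected on internal devices
            *) if [ "$eff" = 1 ]; then status=WARN; rc=1; fi ;;
        esac
        echo "$dev effective=$eff $status"
    done
    return $rc
}

# Usage (eth1 is a hypothetical internal device name):
#   audit_accept_local /proc/sys/net/ipv4/conf eth1
```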