> What is the importance of executing the line :
> "echo 1 > /proc/sys/net/ipv4/ip_forward" (found on
> http://www.linuxvirtualserver.org/VS-DRouting.html)
> on director and real server in DRouting mode ?

This setting changes the behavior of networking between interfaces to allow
forwarding between multiple interfaces. Without this setting, packets cannot
traverse in an LVS setup. In the case of your director it will either
forward between two interfaces (eth0 and eth1 for example) or forward
between one interface and one virtual interface (eth0 and eth0:1). With the
real servers this setting will allow traversal between the public interface
and the virtual interface (for example eth0 and eth0:1).

One habit I have in my DR setup is to turn off ip_forward on my private
interfaces after the "echo 1 > /proc/sys/net/ipv4/ip_forward" command. This
ensures to me that there is an extra layer of defense against packets
forwarding from my private network. Maybe this wouldn't make a difference
to the wily hacker (tm) but every little bit helps.

Hope that helps
Peter
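
The habit described in the reply above, sketched as an added example (not part of Peter's message or of the LVS documentation): enable forwarding globally, switch it back off on named interfaces through the kernel's per-interface `conf/<interface>/forwarding` files, then list what still forwards. The function names, the `SYSCTL_ROOT` override and the choice of `eth1` as the private interface are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. On a real host SYSCTL_ROOT is /proc/sys and the writes need
# root; it is overridable so the logic can be tried on a scratch directory.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# Enable forwarding globally, then disable it on each interface named in "$@".
# Order matters: a write to ip_forward resets every per-interface forwarding
# flag to the same value, so the per-interface writes have to come afterwards.
set_forwarding() {
    conf="$SYSCTL_ROOT/net/ipv4/conf"
    echo 1 > "$SYSCTL_ROOT/net/ipv4/ip_forward" || return 1
    for ifc in "$@"; do
        if [ ! -e "$conf/$ifc/forwarding" ]; then
            echo "no forwarding control for interface: $ifc" >&2
            return 1
        fi
        echo 0 > "$conf/$ifc/forwarding" || return 1
    done
    return 0
}

# Print, one per line, the interfaces whose forwarding flag is still 1.
# The "all" and "default" pseudo-entries are skipped.
forwarding_interfaces() {
    conf="$SYSCTL_ROOT/net/ipv4/conf"
    for f in "$conf"/*/forwarding; do
        [ -e "$f" ] || continue
        name=${f%/forwarding}
        name=${name##*/}
        case "$name" in
            all|default) continue ;;
        esac
        if [ "$(cat "$f")" = "1" ]; then
            echo "$name"
        fi
    done
    return 0
}

# Typical use as root, with eth1 assumed to be the private interface:
#   set_forwarding eth1 && forwarding_interfaces
```

Running `forwarding_interfaces` again after any later write to `ip_forward` shows whether the per-interface setting has been reset.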