I'm trying to get iptables (firewall) and LVS running on the same server.
I'm testing telnet to 2 W2K servers. If I watch my iptables logs I can see
that if I telnet to my VIP it gets routed to the right RIP (I can see the
connection on the RIP); however, iptables blocks the response back out.
I'm using the same DIP as the rest of my internal hosts. They all will be
NATed to an external address. It seems iptables isn't letting the
connection outbound since it didn't establish the connection inbound on
that particular address. EX: The original packet was NATed (iptables) to VIP
192.168.1.11, which then goes to a RIP 192.168.1.30, and then the firewall
sees a return outbound connection from 192.168.1.30 and not 192.168.1.11.
Do I have to set up a separate DIP and NAT it to the same address as the one
that my VIP is on so the firewall sees the return packets on the same IP?
-David