Hi David,
"l4ip" will just pass "sticky" keyword to "ipnat" command (or, set it for
ioctls) and has nothing to do with the functionality of ipfilter once it is in
place. I have forwarded your message to the IPFilter mailing list so that
perhaps someone out there with sticky-ness experience can help.
Is there a known issue with sticky flag in V4.2.x ? I have not tried sticky
myself, but I could certainly do so given some time.
Sincerely,
Lund
David Chuang wrote:
Hi Lund,
I read the source code of l4ip and (rather than recompile the code)
try the ipnat commands directly from the Solaris console. Somehow, the
commands do the round robin but does not do the stickness.
The following two rules should redirect VIP(1.1.1.1) traffic to servers
2.2.2.2 and 3.3.3.3 in round-robin and also have stickness feature.
rdr fxp0 1.1.1.1/32 port 80 -> 2.2.2.2 port 80 tcp round-robin sticky
rdr fxp0 1.1.1.1/32 port 80 -> 3.3.3.3 port 80 tcp round-robin sticky
These rules will redirect traffic, say 5.5.5.5 to 2.2.2.2 and 6.6.6.6
to 3.3.3.3 (port 80). Then,
all future 5.5.5.5 traffic to 1.1.1.1 will always redirected to
2.2.2.2 (stickness)
all future 6.6.6.6 traffic to 1.1.1.1 will always redirected
to 3.3.3.3 (stickness)
Somehow, during our testing of the Ipfilter (4.2.X) version, the
stickness does not work. Different source port from 5.5.5.5(or
6.6.6.6) are directed to different destinations.
Thanks in advance for your help.
David
--
Jorgen Lundman | <[EMAIL PROTECTED]>
Unix Administrator | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo | +81 (0)90-5578-8500 (cell)
Japan | +81 (0)3 -3375-1767 (home)
