Hey everybody. I'm using the ip policy hack to get transparent proxy going like this:

    ip rule add prio 100 fwmark 1 table 100
    ip route add local 0/0 dev lo table 100

That redirects packets that I've marked with fwmark 1 into the "local" machine so that lvs will see them. This is all working, and I can distribute incoming connections to realservers. However, I run into problems when I try to use the localnode feature. If I have

    /sbin/iptables -t nat -A PREROUTING -p tcp -s 10.0.0.1/8 --dport 80 -j REDIRECT --to-port 8080

in my PREROUTING table so that the local machine can intercept, connections routed to the local node work and connections routed to the other peers fail; if I delete the rule, connections to the local node fail and connections to the remote hosts work.

Any ideas? Can I tell the connections apart in iptables so that I can create a rule to skip the redirect for packets leaving for other realservers? Can I get lvs to bypass PREROUTING for packets going out?

David

_______________________________________________
LinuxVirtualServer.org mailing list - [email protected]
Send requests to [EMAIL PROTECTED]
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
