On Tuesday, 15 April 2008 08:43, Sameer Garg wrote:
> Hi All,
>
> We have been experiencing D/Dos on http. The LVS is unaffected by the
> D/Dos but the real servers are suffering. Besides the D/Dos the LVS is
> currently handling 5 subdomains and approximately 10QPS.
>
> We are using LVS-Tun configuration. Due to our distributed setup and
> service provider limitation we can't put a perimeter firewall so we
> are thinking of stopping them at or before the LVS.
>
> At the director I have tuned the route flush and route garbage
> collection variables but that is all I could figure out. After reading
> the howto and the mailing list I have concluded that it is possible
> to use iptables with LVS-DR and LVS-NAT. Is it advisable to put
> iptables on the director in an LVS-TUN setup?
Yes. It is even necessary if you take LVS decisions based on the mangle table.

> Unrelated question: Anybody using an open-source firewall Iptables/pf in
> production for 100M connection?
>
> Sameer

Not that I have seen in production, but should be possible. Perhaps this helps:
http://lists.sans.org/pipermail/unisog/2005-August/025040.html

--
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Address: Bretonischer Ring 7; 85630 Grasbrunn; Germany
Tel: +49 - 89 - 45 69 11 0
Fax: +49 - 89 - 45 69 11 21
mob: +49 - 174 - 343 28 75
mail: [EMAIL PROTECTED]
web: www.multinet.de
Registered office: 85630 Grasbrunn
Register court: Amtsgericht München HRB 114375
Managing directors: Günter Jurgeneit, Hubert Martens
---
PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42
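
The director-side setup the reply refers to, as an added example that is not part of the original thread: a firewall mark set in the mangle table selects the LVS-Tun virtual service, and a per-source SYN limit in filter INPUT drops excess requests before IPVS tunnels them to the real servers. The addresses, mark value and rate limits are constructed sample values, and `--hashlimit-above` assumes an iptables build that supports it.

```shell
#!/bin/sh
# Added example: prints (dry run, the default) or applies director-side
# rules for an LVS-Tun HTTP service that is selected by firewall mark.
# All addresses, the mark value and the limits are constructed samples.

VIP="192.0.2.10"                            # constructed virtual IP
REAL_SERVERS="198.51.100.11 198.51.100.12"  # constructed real servers
FWMARK=1                                    # assumed mark value
SYN_RATE="20/second"                        # assumed per-source SYN ceiling
SYN_BURST=40                                # assumed burst allowance

# run: echo the command when DRY_RUN=1 (default), execute it otherwise.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

director_rules() {
    # 1. The VIP is local to the director, so requests traverse
    #    filter/INPUT before IPVS schedules them. Sources exceeding
    #    the SYN ceiling are dropped here and never reach a real server.
    #    hashlimit keeps its own per-source table and does not depend on
    #    conntrack, which only sees one direction of the flow in LVS-Tun.
    run iptables -A INPUT -d "$VIP" -p tcp --dport 80 --syn \
        -m hashlimit --hashlimit-name http_syn --hashlimit-mode srcip \
        --hashlimit-above "$SYN_RATE" --hashlimit-burst "$SYN_BURST" \
        -j DROP

    # 2. mangle/PREROUTING sets the mark that IPVS matches on.
    run iptables -t mangle -A PREROUTING -d "$VIP" -p tcp --dport 80 \
        -j MARK --set-mark "$FWMARK"

    # 3. Virtual service keyed on the mark; -i selects IP-in-IP tunnelling.
    run ipvsadm -A -f "$FWMARK" -s wlc
    for rip in $REAL_SERVERS; do
        run ipvsadm -a -f "$FWMARK" -r "$rip" -i
    done
}

director_rules
```

Run it as is to review the generated commands, then with `DRY_RUN=0` as root on the director to apply them.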
