Hi Graeme, I am nervous putting the firewall rules on a public list as this will be a public-facing website.
I switched over to HAProxy which seems to be doing a good job. I don't need the lower-level load balancing so HAProxy is fine for my purposes.

Thanks for your help.

- Jonathan

On Sunday 12 April 2009 05:17, Graeme Fowler wrote:
> Hi Jonathan
>
> Apologies for the delayed reply, first of all.
>
> On Wed, 2009-04-08 at 18:28 -0400, Jonathan Baxter wrote:
> > Looking at the documentation for ipvsadm it seems that in order to run
> > ipvsadm on a director that is also running a nat-firewall you have to
> > patch the kernel with the ipvs_nfct patch.
>
> Well, not exactly, no. I've happily had ip_vs rules and netfilter rules
> co-reside on the same director doing LVS-NAT on a number of occasions,
> albeit probably not in the same sort of setup as you overall.
>
> > Internet <-> LVS/Firewall/VIP/Router <-> RIP (6 machines)
>
> OK, this is all perfectly sane.
>
> > The Router machine masquerades the RIP machines (real webservers) which
> > are on a private network and only connect to the outside world through
> > the Router. It has all the firewall rules and is the one on which I want
> > to run ipvsadm.
>
> ...and so is this.
>
> > Packets get to RIP machines from Internet via Router, but get blocked on
> > their way back.
>
> But this part is not. This is something to do with the netfilter rules
> getting in the way (obviously).
>
> Can you post an example iptables ruleset, please (generate it using
> iptables-save and edit it appropriately)? The way you have the rules
> built is stopping the traffic getting back through.
>
> Ta
>
> Graeme
>
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - [email protected]
> Send requests to [email protected]
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
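
Added example, not part of the original thread and not code from either poster: one way to edit `iptables-save` output before sending it to a public list, replacing every non-private IPv4 address with a stable alias from the 192.0.2.0/24 documentation range and zeroing the packet/byte counters, so the rule logic stays reviewable. The function name `sanitize`, the choice of ranges to keep and the sample ruleset are assumptions constructed for illustration.

```python
import ipaddress
import re

# Ranges left readable: they describe topology without identifying the site.
KEEP = [ipaddress.ip_network(n) for n in
        ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "0.0.0.0/32")]
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
COUNTERS = re.compile(r"\[\d+:\d+\]")

def sanitize(ruleset: str) -> str:
    """Replace each non-private IPv4 address with a stable 192.0.2.N alias."""
    aliases = {}

    def swap(match):
        text = match.group(1)
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            return text  # not a valid address (e.g. 999.1.1.1): leave untouched
        if any(addr in net for net in KEEP):
            return text
        if addr not in aliases:
            if len(aliases) >= 254:
                raise ValueError("more than 254 distinct public addresses")
            aliases[addr] = f"192.0.2.{len(aliases) + 1}"
        return aliases[addr]  # same input address always maps to the same alias

    # Packet/byte counters reveal traffic volume; reset them too.
    return COUNTERS.sub("[0:0]", IPV4.sub(swap, ruleset))

# Constructed sample in iptables-save format (not the poster's ruleset).
SAMPLE = """\
*nat
:PREROUTING ACCEPT [8812:530112]
:POSTROUTING ACCEPT [17:1020]
-A POSTROUTING -s 192.168.10.0/24 -o eth0 -j SNAT --to-source 203.0.113.10
COMMIT
*filter
:INPUT DROP [42:2520]
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 203.0.113.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 198.51.100.7/32 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

Hostnames, interface names and rule comments are not touched by this pass and still need a manual read before posting.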
