I don't know how you can tell it's working unless you have two realservers Well , I have already tested installation with 2 real servers ... Balancing algorithm is not the issue I wanted to point out here...
You can't use stateful filtering as the director doesn't see the reply packets Does it mean that I am completely wrong when I try to do "high level" firewalling (open or close some ports) ? I 'd like to set up a very simple rule : allow only port 80 connections on my director for the VIP. Real IP of this server should allow more things. Need to patch the kernel ? I 've read the HOWTO, but not sure of response, especially for recent kernels. Many thanks , Yann ________________________________ De : Joseph Mack NA3T <[email protected]> À : LinuxVirtualServer.org users mailing list. <[email protected]> Cc : [email protected] Envoyé le : Mardi, 14 Avril 2009, 14h39mn 15s Objet : Re: [lvs-users] IPVS and IPTABLES firewall On Tue, 14 Apr 2009, w y wrote: > I have installed a basic http loadbalancing that work perfectly : > > Internet <-> LVS/VIP <-> RIP (1 machine) I don't know how you can tell it's working unless you have two realservers > But unfortunalty, when I run my "usual" firewall script to protect my > director server (ie some IPTABLES commands to only allow port 80), > loadbalancing is broken only add rules that work. You can't use stateful filtering as the director doesn't see the reply packets > Do you mean that we don't ne to patch the kernel ? you can figure it out from the HOWTO. Sorry it's been so long since I wrote that stuff, and I don't use it myself, that I don't know the answer anymore Joe -- Joseph Mack NA3T EME(B,D), FM05lw North Carolina jmack (at) wm7d (dot) net - azimuthal equidistant map generator at http://www.wm7d.net/azproj.shtml Homepage http://www.austintek.com/ It's GNU/Linux! _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - [email protected] Send requests to [email protected] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
