[Shorewall-users] Shorewall and LVS will they play nice...

Mon, 19 Nov 2007 12:56:08 -0800 

Hi guys,

I'm looking at setting up LVS (Linux Virtual Server) on my router/firewall
machine. (I'm using keepalived to do it)
I'm using shorewall for the firewall setup, there is NO masq on the firewall
config.
Currently 2 nic's in the box, eth0 is my upstream, eth1 is my internal
network.

ip addr

eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:40:d0:43:b4:be brd ff:ff:ff:ff:ff:ff
    inet 202.45.103.86/30 brd 202.45.103.87 scope global eth0
eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:40:d0:43:b4:bf brd ff:ff:ff:ff:ff:ff
    inet 202.45.102.1/25 brd 202.45.102.127 scope global eth1


ip route

202.45.103.84/30 dev eth0  proto kernel  scope link  src 202.45.103.86
202.45.102.0/25 dev eth1  proto kernel  scope link  src 202.45.102.1 
default via 202.45.103.85 dev eth0

My rules are just ACCPET/REJECT based rules on the firewall side of things.
net = eth0
loc = eth1

ACCEPT  net     loc:202.45.102.30       tcp     80
ACCEPT  net     loc:202.45.102.33       tcp     80

etc....

What I wish to do is add a third network card to this machine and setup LVS.
The third nic would be brought up with
inet 10.0.10.1/24 brd 10.0.10.255

I would add it as a zone and interface in shorewall, but not quite sure
what/if any rules should I apply to shorewall.

>From what I've read with LVS it will have just as much fun with iptables as
shorewall, LVS will add an IP to eth1 (the Virtual IP for the main servers)
and then setup iptables to MASQ this IP via eth2 where my real servers for
load balancing sit. I only have a sub set of servers that require balancing,
the rest are connected via eth1.

Has anyone done a setup in this config? Anyones thoughts on if it will even
work, before I dive in?

Cheers
Adam



-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to