On Wed, 12 Sep 2007, Gary W. Smith wrote:

> I need to put together a firewall for a site that will
> also have a need for ipvsadm services running with it.
> Our original idea was to forward several of the external
> IPs into a second box, behind the wall, running ipvsadm.

I assume you mean the box is a director.

> When rethinking about the problem, we thought that we
> might be able to just run iptables and ipvsadm on the same
> box. I recall from an issue I had a couple years back
> that this might not be possible. So I'm checking to see
> if it is and if so, what I should expect.

sometimes it works OK and sometimes it doesn't.

> * Firewall would be 1.1.1.2 on eth0
> * Firewall would also have aliases for 1.1.1.3, 1.1.1.4, and 1.1.1.5 on eth0

use secondary IPs not aliases.

> iptables would have this:
>
> -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

accept nic:VIP:port, all else reject

you don't want people connecting from the outside world
to anything but the VIP:port

Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
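
The rule shape from the reply above (accept only nic:VIP:port, reject everything else), as an added example that is not part of the original thread. It uses eth0, the VIPs 1.1.1.3 to 1.1.1.5 and tcp/80 from the thread; the function names `emit_ruleset` and `audit_rules`, the loopback and conntrack rules, and the choice of REJECT on the outside NIC only are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not from the thread).

# emit_ruleset NIC VIP:PORT... -> iptables-restore text on stdout
emit_ruleset() {
    nic=$1; shift
    for pair in "$@"; do        # loose syntax check before printing anything
        case $pair in
            *[!0-9.:]*|*:*:*|:*|*:) echo "bad VIP:port: $pair" >&2; return 1 ;;
            *.*.*.*:*) ;;
            *) echo "bad VIP:port: $pair" >&2; return 1 ;;
        esac
    done
    # Assumption: keep loopback and replies to the box's own connections.
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for pair in "$@"; do        # one ACCEPT per nic:VIP:port
        printf '%s\n' "-A INPUT -i $nic -d ${pair%:*} -p tcp -m tcp --dport ${pair#*:} -j ACCEPT"
    done
    # Everything else arriving on the outside NIC is rejected.
    printf '%s\n' "-A INPUT -i $nic -j REJECT" 'COMMIT'
}

# audit_rules: read rules on stdin and report INPUT ACCEPT rules that open
# a port without being pinned to both an interface (-i) and an address (-d).
audit_rules() {
    while IFS= read -r line; do
        case $line in
            '-A INPUT '*'--dport '*'-j ACCEPT') ;;
            *) continue ;;
        esac
        case $line in
            *' -i '*' -d '*|*' -d '*' -i '*) ;;
            *) printf 'too broad: %s\n' "$line" ;;
        esac
    done
    return 0
}

# The rule quoted in the thread is flagged; the generated ruleset is not.
printf '%s\n' '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT' | audit_rules
emit_ruleset eth0 1.1.1.3:80 1.1.1.4:80 1.1.1.5:80 | audit_rules
```

The output of `emit_ruleset` is plain text and changes nothing on the host until it is reviewed and loaded with `iptables-restore`.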
