> > IP's into a second box, behind the wall, running ipvsadm.
>
> I assume you mean the box is a director.

Yes, my terminology is less than normal today.

> > if it is and if so, what I should expect.
>
> sometimes it works OK and sometimes it doesn't.

So is this something you would recommend we explore, or just go back to using a dual server system? When it does work, does it work reliably or does it sometimes fail?

> > * Firewall would be 1.1.1.2 on eth0
> > * Firewall would also have aliases for 1.1.1.3, 1.1.1.4, and 1.1.1.5 on eth0
>
> use secondary IPs not aliases.

Sorry, again terminology, but then again, let me ask the question. We add additional IPs into /etc/sysconfig/network-scripts/ifcfg-eth:<id>. Is that considered secondary or alias? Or should we be using ip addr add?

> > iptables would have this:
> >
> > -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
>
> accept nic:VIP:port, all else reject

We reject everything to begin with. I wanted to make sure I was on the right track. I still assume that I want to use IN and not FORWARD (at least at this point), as the traffic is technically coming into the firewall.

BTW, thanks for the quick response.

Gary

_______________________________________________
LinuxVirtualServer.org mailing list - [email protected]
Send requests to [EMAIL PROTECTED]
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
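
An added example, not part of the thread and not written by its participants: a POSIX shell script that prints, without applying, the `ip addr add` commands for the VIPs and INPUT rules in the shape "accept nic:VIP:port, all else reject". The NIC, addresses and port are the ones in the thread; the /24 prefix length and the function names are assumptions.

```shell
#!/bin/sh
# Added example: prints commands only, so it runs without root and changes
# nothing. Management-access rules (e.g. SSH) and FORWARD are out of scope.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Refuse to emit anything if any VIP is malformed.
check_vips() {
    for vip in "$@"; do
        is_ipv4 "$vip" || { echo "bad VIP: $vip" >&2; return 1; }
    done
}

# usage: gen_addr_cmds NIC PREFIXLEN VIP...
# One "ip addr add" per VIP, with no eth0:N label.
gen_addr_cmds() {
    nic=$1 prefix=$2; shift 2
    check_vips "$@" || return 1
    for vip in "$@"; do
        echo "ip addr add $vip/$prefix dev $nic"
    done
}

# usage: gen_input_rules NIC PORT VIP...
# Accept only nic:VIP:port on INPUT, then reject everything else.
gen_input_rules() {
    nic=$1 port=$2; shift 2
    check_vips "$@" || return 1
    for vip in "$@"; do
        echo "iptables -A INPUT -i $nic -d $vip -p tcp -m tcp --dport $port -j ACCEPT"
    done
    echo "iptables -A INPUT -j REJECT"
}

gen_addr_cmds eth0 24 1.1.1.3 1.1.1.4 1.1.1.5   # /24 is an assumed prefix
gen_input_rules eth0 80 1.1.1.3 1.1.1.4 1.1.1.5
```

Unlike the single `--dport 80` rule quoted in the thread, each generated ACCEPT is pinned to one interface and one VIP, so port 80 on the firewall's own address (1.1.1.2) falls through to the final REJECT.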
