Hi, I hope you don't mind me trying to answer in English.
If the question is will the firewall drop the packet if IP spoofing protection is enabled then I suspect the answer is yes. The reply will come from the real server's MAC address but sourced from the VIP address so I'd recommend disabling any spoofing protection. Hope that helps. Aaron West Loadbalancer.org Limited +44 (0)330 380 1064 www.loadbalancer.org 2015-09-05 9:00 GMT+01:00 JWD <j...@163.com>: > 看了LVS的文档,觉得TUNEL/DR模式的半连接应该算是IP欺骗,这种方式会被防护墙拦截吗? > 还是说只要数据包里的源IP/目标IP/序列号对的上号,会话就不会有问题? > > -------------- > JWD > _______________________________________________ > Please read the documentation before posting - it's available at: > http://www.linuxvirtualserver.org/ > > LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org > Send requests to lvs-users-requ...@linuxvirtualserver.org > or go to http://lists.graemef.net/mailman/listinfo/lvs-users _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org Send requests to lvs-users-requ...@linuxvirtualserver.org or go to http://lists.graemef.net/mailman/listinfo/lvs-users