
gary at primeexalia
Sep 12, 2007, 10:05 AM
[lvs-users] IPVSADM/IPTables question
I need to put together a firewall for a site that will also have a need for ipvsadm services running with it. Our original idea was to forward several of the external IPs into a second box, behind the wall, running ipvsadm. When rethinking the problem, we thought that we might be able to just run iptables and ipvsadm on the same box. I recall from an issue I had a couple of years back that this might not be possible. So I'm checking to see if it is and, if so, what I should expect.

Here is a brief overview of the network. My understanding is that for iptables, I would be using the IN path, instead of forward. The example is simplified. We use fairly restrictive firewalls as well; I'm just trying to work through a sample.

Externally we have 6 public IPs. We'll say 1.1.1.0/29; internally we have 10.0.0.0/24.

* Firewall would be 1.1.1.2 on eth0
* Firewall would also have aliases for 1.1.1.3, 1.1.1.4, and 1.1.1.5 on eth0
* Firewall has internal address 10.0.0.1/24 on eth1
* Firewall has port forwarding set
* Real Server 1 has internal address of 10.0.0.5/25 on eth0
* Real Server 1 has external address of 1.1.1.3/32 on lo
* Real Server 2 has internal address of 10.0.0.6/25 on eth0
* Real Server 2 has external address of 1.1.1.3/32 on lo
* Real Server 3 has internal address of 10.0.0.7/25 on eth0
* Real Server 3 has external address of 1.1.1.3/32 on lo

ipvsadm rules would look like this:

    -A -t 1.1.1.3:80 -s wlc
    -a -t 1.1.1.3:80 -r 10.0.0.5 -g -w 100
    -a -t 1.1.1.3:80 -r 10.0.0.6 -g -w 100
    -a -t 1.1.1.3:80 -r 10.0.0.7 -g -w 100

iptables would have this:

    -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

Does this sound reasonable? Will it work? Is there anything that I should worry about?

_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users[at]LinuxVirtualServer.org
Send requests to lvs-users-request[at]LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
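The setup in the post is LVS direct routing (the -g flag) with the director and the packet filter on one host. Because IPVS claims packets for a local VIP from the LOCAL_IN hook, after the filter table's INPUT chain has already run, INPUT is indeed the chain that governs the balanced traffic. The script below is an added example, not code from the poster or from the LVS project: it generates the ipvsadm and iptables commands from the addresses given in the post and checks one detail a firewall admin would want, namely that the ACCEPT rule is bound to the VIP (-d 1.1.1.3) rather than opening port 80 on every address the box carries (1.1.1.2, .4 and .5 as well). The -d scoping and the helper names are this example's own choices; the scheduler, weights and real-server list are the post's.

```shell
#!/bin/sh
# Added example (not from the original post or the LVS project): emit the
# ipvsadm/iptables rules for an LVS-DR service living on the firewall host,
# and check that the filter rule is scoped to the VIP.
# Addresses, scheduler and weights are the ones given in the post.

VIP="1.1.1.3"
VPORT="80"
SCHED="wlc"
WEIGHT="100"
# Real servers from the post; each also holds the VIP on lo (direct routing).
REAL_SERVERS="10.0.0.5 10.0.0.6 10.0.0.7"

# Emit the ipvsadm commands for one virtual service and its real servers,
# using only long-standing ipvsadm flags (-A/-a, -t, -s, -r, -g, -w).
gen_ipvs_rules() {
    vip="$1"; port="$2"; sched="$3"; weight="$4"; shift 4
    printf 'ipvsadm -A -t %s:%s -s %s\n' "$vip" "$port" "$sched"
    for rs in "$@"; do
        printf 'ipvsadm -a -t %s:%s -r %s -g -w %s\n' "$vip" "$port" "$rs" "$weight"
    done
}

# Emit the filter rule for the VIP. The -d match is this example's hardening:
# the post's rule has no destination and so accepts :80 on 1.1.1.2-.5 alike.
gen_input_rule() {
    vip="$1"; port="$2"
    printf 'iptables -A INPUT -d %s -p tcp -m tcp --dport %s -j ACCEPT\n' "$vip" "$port"
}

# Return 0 when an INPUT rule names a destination address, 1 when it accepts
# on every local address (the shape proposed in the post).
input_rule_is_scoped() {
    case "$1" in
        *" -d "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Count the real-server (-a) lines so a caller can confirm none were dropped.
count_real_server_rules() {
    printf '%s\n' "$1" | grep -c -- ' -a -t '
}

main() {
    rules=$(gen_ipvs_rules "$VIP" "$VPORT" "$SCHED" "$WEIGHT" $REAL_SERVERS)
    printf '%s\n' "$rules"
    gen_input_rule "$VIP" "$VPORT"
    # Flag the unscoped rule exactly as written in the post.
    if ! input_rule_is_scoped "iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT"; then
        echo "note: the post's INPUT rule accepts :80 on every local address, not only the VIP"
    fi
}

main
```

The script only prints commands; review them and run them on the director as root. The other LVS-DR detail worth checking before going live is the ARP side: each real server carries 1.1.1.3 on lo, so the real servers must not answer ARP for the VIP on the shared segment, otherwise the director is bypassed and the balancing becomes unpredictable.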