Steder, Michael Michael.Steder at
Tue Jan 14 09:32:49 GMT 2003


You can use firewall marks to make http/https-server work.

This job has to be done by iptables/ipchains; ipvs can recognize these, but
cannot assign them.

In the lvs configuration you can tell ipvs to handle packets on different
ports with the same firewall mark identically.

The rules to set the firewall mark to 80 on packets destined to the floating
IP address x.x.x.x on ports 80 and 443:

	# With iptables:
	/sbin/modprobe ip_tables
	/sbin/iptables -t mangle -A PREROUTING \
		-p tcp -d x.x.x.x/32 --dport 80 -j MARK --set-mark 80
	/sbin/iptables -t mangle -A PREROUTING \
		-p tcp -d x.x.x.x/32 --dport 443 -j MARK --set-mark 80

	# Or, with ipchains:
	/sbin/modprobe ipchains
	/sbin/ipchains -A input -p tcp -d x.x.x.x/32 80 -m 80
	/sbin/ipchains -A input -p tcp -d x.x.x.x/32 443 -m 80

After this my http/https-server worked fine :)
Make sure that packet filtering rules are made permanent, otherwise these
changes won't persist through a reboot.

Hope this helps,


-----Original Message-----
From: devendra orion [mailto:dev_orion at]
Sent: Monday, 13 January 2003 14:47
To: lvs-users at


I need help in setting up load balancer with HTTP and
HTTPS going to same real servers.
Current configuration is

Load balancer and 3 real servers
The 3 real servers are serving HTTP and configured for
HTTPS. In load balancer I want HTTP to be scheduled in
round robin fashion and HTTPS to be in weighted least
connection. As we have to keep session persistent to
same real server I am using WLC with network address
level persistence for 60 mins.

Now I am adding https and which is served by same real
servers, but I am not sure of how to configure it
properly. I tried the following configuration:

ipvsadm -A -t OutIP:80 -s rr 
ipvsadm -a -t OUTIP:80 RealIP1:80 -m
ipvsadm -a -t OUTIP:80 RealIP2:80 -m
ipvsadm -a -t OUTIP:80 RealIP3:80 -m

ipvsadm -A -t OutIP:443 -s wlc -p 3600 -M
ipvsadm -a -t OUTIP:443 RealIP1:443 -m
ipvsadm -a -t OUTIP:443 RealIP2:443 -m
ipvsadm -a -t OUTIP:443 RealIP3:443 -m

I also tried

ipvsadm -A -t OutIP:0 -s wlc -p 3600 -M
ipvsadm -a -t OUTIP:0 RealIP1:0 -m
ipvsadm -a -t OUTIP:0 RealIP2:0 -m
ipvsadm -a -t OUTIP:0 RealIP3:0 -m

But the problem is the site is not visible the moment
I enable the HTTPS on realserver.

At a time only one port is accessible 80 or 443.

I am not sure whether the load balancer is configured
wrong or real servers.

Waiting for your help.
Dev Orion
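
The ipvs side of the firewall-mark setup described in the reply, as an added example that is not part of either message: a generator that prints the marking rules together with a mark-based virtual service (`ipvsadm -f`) for review before they are run as root. The function names `lvs_fwmark_rules` and `is_ipv4` are hypothetical, the addresses are constructed samples, and the `wlc` scheduler with 3600 s persistence from the question is applied to both ports, because a single fwmark service has a single scheduler.

```sh
#!/bin/sh
# Added example: prints commands for review; it does not run them.
# All addresses used here are constructed sample values.

# Succeeds only for a dotted-quad IPv4 address (runs in a subshell so the
# IFS change does not leak into the caller).
is_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Usage: lvs_fwmark_rules VIP MARK REALSERVER...
# Every argument is validated before anything is printed, so output that is
# later fed to a root shell cannot carry shell metacharacters.
lvs_fwmark_rules() {
    [ "$#" -ge 3 ] || { echo "usage: lvs_fwmark_rules VIP MARK RIP..." >&2; return 2; }
    vip=$1 mark=$2
    shift 2
    is_ipv4 "$vip" || { echo "bad VIP: $vip" >&2; return 1; }
    case "$mark" in
        ''|*[!0-9]*) echo "bad mark: $mark" >&2; return 1 ;;
    esac
    # ipvsadm requires a firewall mark greater than zero.
    [ "$mark" -gt 0 ] 2>/dev/null || { echo "bad mark: $mark" >&2; return 1; }
    for rip in "$@"; do
        is_ipv4 "$rip" || { echo "bad real server: $rip" >&2; return 1; }
    done
    # Same mark on ports 80 and 443 of the VIP, as in the reply.
    for port in 80 443; do
        echo "/sbin/iptables -t mangle -A PREROUTING -p tcp -d $vip/32 --dport $port -j MARK --set-mark $mark"
    done
    # One virtual service keyed on the mark (-f) rather than VIP:port (-t);
    # wlc and 3600 s persistence are taken from the question.
    echo "ipvsadm -A -f $mark -s wlc -p 3600"
    # No port on -r: a fwmark service keeps the request's destination port.
    for rip in "$@"; do
        echo "ipvsadm -a -f $mark -r $rip -m"
    done
}

lvs_fwmark_rules 192.0.2.10 80 10.0.0.1 10.0.0.2 10.0.0.3
```

Because both ports share one persistent service, a client's HTTP and HTTPS connections go to the same real server for the persistence period.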
