prevent rwhod broadcast on external interface

Alois Treindl alois at astro.ch
Sat Jul 3 23:10:44 BST 2004


I use LVS nat, and run rwhod on the director and all realservers.

rwhod works by sending UDP broadcasts to port 513 on all interfaces.

I use redhat linux (RHEL 3.0)

I would like to restrict these UDP broadcasts to the internal interface 
only, but rwho on Linux has no controls for such a restriction.

The broadcast packets on the external interface create some ICMP error 
replies from other devices on the external interface, which then get 
logged in the director's syslog every 3 minutes:

kernel: 10.1.2.4 sent an invalid ICMP type 11, code 0 error to 
broadcast: xxxx.255 on eth1

If I use iptables to prevent these broadcasts from going out on eth1, then 
rwhod is unhappy and creates another syslog entry every 3 minutes:

rwhod[4124]: sendto(xxx.255): Operation not permitted

I see two solutions, but don't know how to do either of them:

a) use iptables to filter those unwanted ICMP replies. 
I tried, but could not get the filter rules right.

b) use the network interface configuration to disable all broadcasts on 
eth1. I don't know whether that is possible, whether it breaks some 
important other functionality, and how it is done.

Please don't advise me to stop rwhod - I find it convenient to see the 
status of the whole LVS cluster with 'ruptime'

Alois
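An added example for solution (a), not part of Alois's post and not LVS or rwhod code: the "sent an invalid ICMP ... error to broadcast" line is printed by the kernel's ICMP error handler when an ICMP error arrives whose quoted original packet was addressed to a broadcast address, and that printk is only emitted while the sysctl net.ipv4.icmp_ignore_bogus_error_responses is 0. So the cleanest fix is the sysctl; the iptables alternative drops the inbound ICMP type 11 (time-exceeded) replies on the external interface before the ICMP code ever sees them, which also silences the log. Neither touches rwhod's outbound broadcasts, so the "sendto: Operation not permitted" problem from dropping in OUTPUT does not arise. The script assumes the external interface is eth1, uses an example external network 192.0.2.0/24, and contains constructed syslog lines; run it with "apply" as root to install the rules, with no argument it only prints them.

```shell
#!/bin/sh
# Added example: silence bogus ICMP-to-broadcast kernel warnings on an LVS
# director without touching rwhod's own broadcasts.
# Assumptions: external interface eth1, example external net 192.0.2.0/24.

EXT_IF="${EXT_IF:-eth1}"

# Option 1: sysctl. With this set to 1 the kernel drops ICMP errors that
# answer a broadcast frame silently instead of logging each one.
quiet_sysctl() {
    printf 'net.ipv4.icmp_ignore_bogus_error_responses = 1\n'
}

# Option 2: iptables. Drop inbound ICMP time-exceeded (type 11) on the
# external interface, but only from the devices that misbehave, so
# traceroute answers from the rest of the world still get through.
# Usage: icmp_drop_rules <iface> <src-ip> [<src-ip> ...]
icmp_drop_rules() {
    ifc=$1
    shift
    for src in "$@"; do
        printf 'iptables -A INPUT -i %s -s %s -p icmp --icmp-type time-exceeded -j DROP\n' \
            "$ifc" "$src"
    done
}

# Extract the offending source addresses from syslog lines of the form
# quoted in the post (reads stdin, prints one unique address per line).
offenders() {
    sed -n 's/.*kernel: \([0-9.]*\) sent an invalid ICMP type.*/\1/p' | sort -u
}

# Constructed sample syslog input (not real log data).
SAMPLE_LOG='Jul  3 22:51:01 lvs kernel: 10.1.2.4 sent an invalid ICMP type 11, code 0 error to broadcast: 192.0.2.255 on eth1
Jul  3 22:54:01 lvs kernel: 10.1.2.9 sent an invalid ICMP type 11, code 0 error to broadcast: 192.0.2.255 on eth1
Jul  3 22:57:01 lvs kernel: 10.1.2.4 sent an invalid ICMP type 11, code 0 error to broadcast: 192.0.2.255 on eth1'

# Build the full plan: sysctl line plus one DROP rule per offender found.
plan() {
    quiet_sysctl
    # shellcheck disable=SC2046
    icmp_drop_rules "$EXT_IF" $(printf '%s\n' "$SAMPLE_LOG" | offenders)
}

case "${1:-}" in
    apply)
        # Apply for real: needs root. Replace SAMPLE_LOG with
        # "grep 'invalid ICMP' /var/log/messages" on the director.
        [ "$(id -u)" -eq 0 ] || { echo "apply needs root" >&2; exit 1; }
        sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1
        plan | sed 1d | sh -x
        ;;
    *)
        # Dry run: show what would be configured.
        plan
        ;;
esac
```

The sysctl alone is enough to stop the log lines; keep the iptables rules for the case where the external devices should also be prevented from reaching the ICMP code at all. A blanket "-p icmp --icmp-type time-exceeded -j DROP" without "-s" would silence the log too, but at the cost of breaking traceroute from the director on that interface.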
