Using iptables redirect for ARP problem on red hat real servers

Joseph Mack mack.joseph at epa.gov
Wed Jul 7 12:13:16 BST 2004


Malcolm Turnbull wrote:
> 
> But I've got
> 
> iptables -t nat -A PREROUTING -p tcp -d VIP -j REDIRECT
> 
> working on several 2.4 kernel real servers, are you sure its not "2.2 only"

yes. much work went into making sure it didn't work ;-/

> when trying to do transparent proxy on the director ?
> I just want it on the real server to prevent ARP problems when the director is in DR mode...
> Ultamonkey site implies that it works (transparent proxy that is)?

transparent proxy works fine for all kernels (eg for squid)
The reason it doesn't work on the director for the VIP in LVS is
explained in the HOWTO section 14.5. It's possible
transparent proxy will still work on the realservers, since the packet
doesn't have to be forwarded.

If it works for 2.4 for your situation, then it still should work for 2.6,
since (AFAIK) they tried to keep the functionality the same.
If it doesn't work anymore, I can ask Harald Welte about it in a few
weeks at OLS.

Hmm, I just realised I don't know which kernel series you're running
2.4 or 2.6

Joe

-- 
Joseph Mack PhD, High Performance Computing & Scientific Visualization
LMIT, Supporting the EPA Research Triangle Park, NC 919-541-0007
Federal Contact - John B. Smith 919-541-1087 - smith.johnb at epa.gov


More information about the lvs-users mailing list