Using iptables redirect for ARP problem on red hat real servers

Joseph Mack mack.joseph at epa.gov
Wed Jul 7 22:13:25 BST 2004


Peter Mueller wrote:

> On my real servers I have : $IPTABLES -t nat -A PREROUTING -p tcp -d
> $VIP1 --dport 80 -j REDIRECT --to-port 80.  If I remember correctly "-j
> REDIRECT" is broken on stock kernels. 

broken only for LVS

> Vendor kernels have an iptables patch that restores functionality.

only RH that I've heard of. (It could be in all of them for all I know.)
 
> Actually I have just dug into google a bit on this issue.  As it turns
> out iptables of 1.2.7a - or possibly earlier - appears to have restored
> this functionality.  Here is the thread :
> http://lists.netfilter.org/pipermail/netfilter/2002-September/038303.html. 

I found two postings in this thread. They were about the inability
of iptables-1.2.7a to parse a previously working set of arguments
(which included -j REDIRECT).

Neither was about the functionality of Horms Method (using transparent
proxy with LVS) that I could see.

> RE: director, why would you want transparent proxy to work there?

it was Horms' first use of transparent proxy for LVS. You can read how
it was used in the HOWTO.

Joe

-- 
Joseph Mack PhD, High Performance Computing & Scientific Visualization
LMIT, Supporting the EPA Research Triangle Park, NC 919-541-0007
Federal Contact - John B. Smith 919-541-1087 - smith.johnb at epa.gov

