Using iptables redirect for ARP problem on red hat real servers

Joseph Mack mack.joseph at
Wed Jul 7 22:13:25 BST 2004

Peter Mueller wrote:

> On my real servers I have : $IPTABLES -t nat -A PREROUTING -p tcp -d
> $VIP1 --dport 80 -j REDIRECT --to-port 80.  If I remember correctly "-j
> REDIRECT" is broken on stock kernels. 

broken only for LVS

> Vendor kernels have an iptables patch that restores functionality.

only RH that I've heard of. (It could be in all of them for all I know.)
> Actually I have just dug into google a bit on this issue.  As it turns
> out iptables of 1.2.7a - or possibly earlier - appears to have restored
> this functionality.  Here is the thread :

I found two postings in this thread. There were about the inability
of iptables-1.2.7a to parse a previously working set of arguments
(which included -j REDIRECT).

Neither was about the functionality of Horms Method (using transparent
proxy with LVS) that I could see.

> RE: director, why would you want transparent proxy to work there?

it was Horms first use of transparent proxy for LVS. You can read how
it was used in the HOWTO


Joseph Mack PhD, High Performance Computing & Scientific Visualization
LMIT, Supporting the EPA Research Triangle Park, NC 919-541-0007
Federal Contact - John B. Smith 919-541-1087 - smith.johnb at

More information about the lvs-users mailing list