Cannot get ipvs fwmark service to work

Mindaugas mind at bi.lt
Tue Oct 10 15:30:58 BST 2006


> do you mean CLUSTERIP target? i hadn't looked into it and it seems kind
> of cool, but alas, not much going on with it... or is there?!
>
> lvs has quite a bit of infra/solutions built on it.

  Thanks. That's what I needed.

  And one more question about my setup. Now lvs works and I need to set up
iptables rules to pass only LVS traffic. How to do that in the simplest way?
For outgoing packets it's easy:
  - mark packets
    (iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 80 -j MARK --set-mark 0x1);
  - accept those packets in the INPUT chain
    (iptables -A INPUT -m mark --mark 0x1 -j ACCEPT);
  - and that's it. LVS packets don't go through FORWARD chain.

  But how to match returning packets in the FORWARD chain in the simplest
and "the most correct" way?
  For simple SNAT/DNAT packets there is "-m conntrack --ctstate SNAT,DNAT"
match.

  Thanks,

  Mindaugas

  P.S.
# ipvsadm -Sn
-A -f 1 -s wlc -p 10
-a -f 1 -r 192.168.150.26:0 -m -w 1

