[lvs-users] Ldirectord in Fedora Core 6 problem with squid

Graeme Fowler graeme at graemef.net
Mon Jul 2 12:56:52 BST 2007 

Hi

Change your iptables rule; at the moment you can get packets
"reflecting" from one host to the other - you seem to be running two
directors which also host the squids, aren't you?

If the directors have MAC addresses MAC1 and MAC2, then you need to do
the following:

director1:
/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 \
  -m mac ! --mac-source $MAC2 -j MARK --set-mark 1

director2:
/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 \
  -m mac ! --mac-source $MAC1 -j MARK --set-mark 1

That prevents packets looping, causing the problem you see.

Graeme

Search lvs-users Archives
Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
More information about the lvs-users mailing list