Firewall marks not working as expected?
Sébastien BONNET
sebastien.bonnet at experian.fr
Mon Apr 3 08:51:36 UTC 2006
> Am I doing something completely wrong here? Anyone
> have any suggestions?
When using firewall marks, you define your virtual service just once.
That's the benefit! Imagine you have 20 ports bundled using the same
fwmark, you'll have only one virtual service.
For the record, in your second (and useless) virtual server, you defined
port 443 (SSL) but try to send a plain HTTP request. This CAN'T work!
Your lvs.cf should be:

service = lvs
primary = 10.0.0.1
backup = 10.0.0.2
backup_active = 1
heartbeat = 1
heartbeat_port = 1050
keepalive = 6
deadtime = 18
rsh_command = ssh
network = nat
nat_router = 192.168.15.254 eth0:1
virtual server_119_129_http {
     address = 10.0.119.129 eth1:129
     active = 1
     load_monitor = uptime
     timeout = 5
     reentry = 10
     port = 80
     send = "GET / HTTP/1.0\r\n\r\n"
     expect = "HTTP"
     scheduler = wlc
     persistent = 60
     pmask = 255.255.255.255
     fwmark = 80
     protocol = tcp
     server app-1 {
         address = 192.168.5.1
         active = 1
         weight = 1
     }
     server app-2 {
         address = 192.168.5.2
         active = 1
         weight = 1
     }
     server app-3 {
         address = 192.168.5.3
         active = 1
         weight = 1
     }
}

Best regards,
--
Sébastien BONNET -- Ingénieur système
Tel: 04.42.25.15.40 GSM: 06.64.44.58.98