Hi guys,
I'm looking at setting up LVS (Linux Virtual Server) on my router/firewall machine. (I'm using keepalived to do it)
I'm using shorewall for the firewall setup, there is NO masq on the firewall config.
Currently 2 NICs in the box, eth0 is my upstream, eth1 is my internal network.
ip addr
eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:40:d0:43:b4:be brd ff:ff:ff:ff:ff:ff
inet 202.45.103.86/30 brd 202.45.103.87 scope global eth0
eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:40:d0:43:b4:bf brd ff:ff:ff:ff:ff:ff
inet 202.45.102.1/25 brd 202.45.102.127 scope global eth1
ip route
202.45.103.84/30 dev eth0 proto kernel scope link src 202.45.103.86
202.45.102.0/25 dev eth1 proto kernel scope link src 202.45.102.1
default via 202.45.103.85 dev eth0
My rules are just ACCEPT/REJECT based rules on the firewall side of things.
net = eth0
loc = eth1
ACCEPT net loc:202.45.102.30 tcp 80
ACCEPT net loc:202.45.102.33 tcp 80
etc....
What I wish to do is add a third network card to this machine and set up LVS.
The third NIC would be brought up with
inet 10.0.10.1/24 brd 10.0.10.255
I would add it as a zone and interface in shorewall, but not quite sure what/if any rules should I apply to shorewall.
From what I've read with LVS it will have just as much fun with iptables as shorewall, LVS will add an IP to eth1 (the Virtual IP for the main servers) and then set up iptables to MASQ this IP via eth2 where my real servers for load balancing sit. I only have a subset of servers that require balancing, the rest are connected via eth1.
Has anyone done a setup in this config? Anyone's thoughts on if it will even work, before I dive in?
Cheers
Adam
Prasanna Krishnamoorthy
2007-Nov-20 10:14 UTC
Re: Shorewall and LVS will they play nice...
On Nov 20, 2007 2:25 AM, Adam Niedzwiedzki <adstar@genis-x.com> wrote:
> Hi guys,
>
> I'm looking at setting up LVS (Linux Virtual Server) on my router/firewall
> machine. (I'm using keepalived to do it)
> I'm using shorewall for the firewall setup, there is NO masq on the firewall
> config.

Coincidentally, I'm also working on keepalived + shorewall. In my case however, I will be doing masq on the firewalls. I do not need connection tracking, only basic failover. Does anyone have any experience with this setup and any suggestions?

Prasanna.
--
www.elinanetworks.com
Seamless, secure delivery of applications.
Prasanna Krishnamoorthy wrote:
> On Nov 20, 2007 2:25 AM, Adam Niedzwiedzki <adstar@genis-x.com> wrote:
>> Hi guys,
>>
>> I'm looking at setting up LVS (Linux Virtual Server) on my router/firewall
>> machine. (I'm using keepalived to do it)
>> I'm using shorewall for the firewall setup, there is NO masq on the firewall
>> config.
> Coincidentally, I'm also working on keepalived + shorewall. In my case
> however, I will be doing masq on the firewalls. I do not need
> connection tracking, only basic failover. Does anyone have any
> experience with this setup and any suggestions?
>

Prasanna,

There are a couple of articles in the community support section on the Wiki.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key