>>> On 1/27/2012 at 03:18 PM, Dimitri Maziuk <[email protected]> wrote:
> On 01/27/2012 02:48 PM, David Gersic wrote:
>>>>> On 1/27/2012 at 02:37 PM, Dimitri Maziuk <[email protected]> wrote:
>
>>> Why not make it static?
>>
>> Yeah, I could, but I didn't want to. I wanted to make it part of the
>> resource group so it'll even be there if I add a new cluster node and
>> move the group to it.
>
> Fair enough. Rewriting iptables rules in a script is not something I'd
> recommend, though.

No guts, no glory? Anyway, there are only two of them, and they're not all that complicated:

iptables -t nat -A PREROUTING -i eth3 -p tcp --destination 131.156.21.44 --dport 443 -j DNAT --to 10.0.0.1:8443
iptables -t nat -A PREROUTING -i eth3 -p tcp --destination 131.156.21.44 --dport 80 -j DNAT --to 10.0.0.1:8080

I can use a couple of IPaddr2 RAs to bind 10.0.0.1 and 131.156.21.44 to eth3, so no problems there. Then I just need to add the rules to iptables. On the stop action, deleting the rules shouldn't be any big deal to do with "iptables -t nat -D PREROUTING ...".

So I guess I'll be writing an RA for this. I'll think some more about it over the weekend, but I'm thinking that the interface (eth3), external ip (131.156.21.44), external port (80), internal ip (10.0.0.1) and internal port (8080) should be the required parameters. The rest can be hard coded in the RA script.

I'm looking at the 'portblock' RA as a possible starting point, though it may be easier to start from scratch. Actions start and stop should be easy enough. Actions status and monitor don't really make any sense, though, so I'm not sure what I'll do with those.

_______________________________________________
Linux-HA mailing list
[email protected]
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems
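
Added example (not from the thread, and not the poster's or the project's RA): a sketch of a shell resource agent for one of the DNAT rules quoted above, with parameter validation before anything reaches iptables, an idempotent start, a stop that removes duplicate copies, and a monitor built on `iptables -C`. The `OCF_RESKEY_*` parameter names and the `IPTABLES` override are assumptions; the return codes are the standard OCF ones.

```shell
#!/bin/sh
# Added sketch of a DNAT resource agent; not the poster's RA or a shipped one.
# OCF_RESKEY_* names are assumptions modelled on the five parameters listed
# in the message above. Needs an iptables that supports -C (check).
: "${IPTABLES:=iptables}"   # assumption: overridable so the logic can be dry-run
OCF_SUCCESS=0; OCF_ERR_GENERIC=1; OCF_ERR_UNIMPLEMENTED=3
OCF_ERR_CONFIGURED=6; OCF_NOT_RUNNING=7

# Reject anything that is not a plain name/address or a port in 1..65535,
# so a malformed cluster parameter never becomes extra iptables arguments.
dnat_validate() {
    for v in "$OCF_RESKEY_interface" "$OCF_RESKEY_ext_ip" "$OCF_RESKEY_int_ip"; do
        case "$v" in ''|*[!A-Za-z0-9.:_-]*) return $OCF_ERR_CONFIGURED ;; esac
    done
    for p in "$OCF_RESKEY_ext_port" "$OCF_RESKEY_int_port"; do
        case "$p" in ''|*[!0-9]*) return $OCF_ERR_CONFIGURED ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return $OCF_ERR_CONFIGURED
    done
}

# Run iptables against the one rule this resource owns; $1 is -A, -D or -C.
dnat_rule() {
    $IPTABLES -t nat "$1" PREROUTING -i "$OCF_RESKEY_interface" -p tcp \
        --destination "$OCF_RESKEY_ext_ip" --dport "$OCF_RESKEY_ext_port" \
        -j DNAT --to "$OCF_RESKEY_int_ip:$OCF_RESKEY_int_port"
}

# monitor/status: the resource is "running" when the exact rule is present.
dnat_monitor() {
    dnat_rule -C 2>/dev/null && return $OCF_SUCCESS
    return $OCF_NOT_RUNNING
}

dnat_start() {   # idempotent: a repeated start must not append a duplicate
    dnat_monitor && return $OCF_SUCCESS
    dnat_rule -A || return $OCF_ERR_GENERIC
}

dnat_stop() {    # delete every copy; stopping an absent rule is a success
    while dnat_monitor; do dnat_rule -D || return $OCF_ERR_GENERIC; done
    return $OCF_SUCCESS
}

dnat_main() {
    dnat_validate || return $?
    case "$1" in
        start) dnat_start ;;
        stop) dnat_stop ;;
        monitor|status) dnat_monitor ;;
        *) return $OCF_ERR_UNIMPLEMENTED ;;
    esac
}
if [ $# -gt 0 ]; then dnat_main "$@"; exit $?; fi
```

A real agent would also answer `meta-data` and `validate-all`; those are left out here to keep the rule handling in view.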
