Well, I found that with CentOS/Fedora/RHEL, I could use their standard
network-scripts to create VLAN devices.
I got VLAN devices running OK, but then ended up in the same boat as
before.
Also, it might be nice if keepalived/LVS had the option of entering a
VLAN device in keepalived.conf? (might
W Agtail wrote:
On Mon, 2007-04-09 at 11:11 -0700, Ben Greear wrote:
W Agtail wrote:
Nice one, but unfortunately still doesn't work.
I'm now not seeing any marked messages in /var/log/messages and traffic
still going via gw2 for port 8088.
Maybe you could use something like my m
On Mon, 2007-04-09 at 11:11 -0700, Ben Greear wrote:
> W Agtail wrote:
> > Nice one, but unfortunately still doesn't work.
> > I'm now not seeing any marked messages in /var/log/messages and traffic
> > still going via gw2 for port 8088.
>
> Maybe you could use something like my mac-vlan virtual d
On Mon, Apr 09, 2007 at 07:24:07PM +0100, W Agtail wrote:
> Yup, I've been flushing iptables each time. This is what we have atm:
> iptables -n -v -t mangle -L
>
> Chain PREROUTING (policy ACCEPT 12656 packets, 2518K bytes)
> pkts bytes target prot opt in out source
> destination
>
On Mon, 2007-04-09 at 14:11 -0400, Lennart Sorensen wrote:
> On Mon, Apr 09, 2007 at 07:05:31PM +0100, W Agtail wrote:
> > Nice one, but unfortunately still doesn't work.
> > I'm now not seeing any marked messages in /var/log/messages and traffic
> > still going via gw2 for port 8088.
>
> What doe
W Agtail wrote:
Nice one, but unfortunately still doesn't work.
I'm now not seeing any marked messages in /var/log/messages and traffic
still going via gw2 for port 8088.
Maybe you could use something like my mac-vlan virtual device to make
your single NIC look like two NICs? You can find link
On Mon, Apr 09, 2007 at 07:05:31PM +0100, W Agtail wrote:
> Nice one, but unfortunately still doesn't work.
> I'm now not seeing any marked messages in /var/log/messages and traffic
> still going via gw2 for port 8088.
What does 'iptables -v -t mangle -L' show at the moment? Have you been
flushin
Nice one, but unfortunately still doesn't work.
I'm now not seeing any marked messages in /var/log/messages and traffic
still going via gw2 for port 8088.
Thanks again.
On Mon, 2007-04-09 at 13:23 -0400, Lennart Sorensen wrote:
> On Mon, Apr 09, 2007 at 06:02:23PM +0100, W Agtail wrote:
> > Than
On Mon, Apr 09, 2007 at 06:02:23PM +0100, W Agtail wrote:
> Thanks Patrick for your comments too.
> It seems that you can't mix PREROUTING with --sport or -o.
> I've also changed the ip rule tables to higher numbers, so I now have:
I thought you could have --sport, but NOT -o. No need for -o of c
W Agtail wrote:
> Thanks Patrick for your comments too.
> It seems that you can't mix PREROUTING with --sport or -o.
-o only works after routing.
> I've also changed the ip rule tables to higher numbers, so I now have:
> iptables -t mangle -A PREROUTING -p tcp --dport 8088 -i eth0 -j MARK
> --set
On Mon, 2007-04-09 at 12:19 -0400, Lennart Sorensen wrote:
> On Mon, Apr 09, 2007 at 06:13:50PM +0200, Patrick McHardy wrote:
> > As the name suggests, POSTROUTING comes after routing, so marking
> > packets there doesn't affect routing. Use PREROUTING for forwarded
> > traffic and OUTPUT for local
On Mon, Apr 09, 2007 at 06:13:50PM +0200, Patrick McHardy wrote:
> As the name suggests, POSTROUTING comes after routing, so marking
> packets there doesn't affect routing. Use PREROUTING for forwarded
> traffic and OUTPUT for locally generated traffic.
I didn't even notice that had been changed.
Lennart Sorensen wrote:
> On Mon, Apr 09, 2007 at 04:56:20PM +0100, W Agtail wrote:
>
>>Hi there, and thanks v. much for getting back to me on this one.
>>I now have changed iptables on the web servers to the following:
>>
>>iptables -t mangle -A POSTROUTING -p tcp --sport 8088 -o eth0 -j MARK
>>-
On Mon, Apr 09, 2007 at 04:56:20PM +0100, W Agtail wrote:
> Hi there, and thanks v. much for getting back to me on this one.
> I now have changed iptables on the web servers to the following:
>
> iptables -t mangle -A POSTROUTING -p tcp --sport 8088 -o eth0 -j MARK
> --set-mark 1
> iptables -t man
On Mon, 2007-04-09 at 10:54 -0400, Lennart Sorensen wrote:
> On Sun, Apr 08, 2007 at 08:29:07PM +0100, W Agtail wrote:
> > This is what I'm trying to achieve with the following iptables/iproute2
> > configuration on both web servers:
> >
> > iptables -t mangle -A PREROUTING -p tcp --dport 8088 -i
On Sun, Apr 08, 2007 at 08:29:07PM +0100, W Agtail wrote:
> This is what I'm trying to achieve with the following iptables/iproute2
> configuration on both web servers:
>
> iptables -t mangle -A PREROUTING -p tcp --dport 8088 -i eth0 -j LOG
> --log-prefix "fwmark 1: "
> iptables -t mangle -A PRERO
Hi, please refer to comments below.
On Sun, 2007-04-08 at 14:22 -0400, Lennart Sorensen wrote:
> On Sun, Apr 08, 2007 at 05:10:15PM +0100, W Agtail wrote:
> > Hi, and thanks very much for your response. Your guess sounds spot on.
> >
> > As you've mentioned, using one sync group works quite well
On Sun, Apr 08, 2007 at 05:10:15PM +0100, W Agtail wrote:
> Hi, and thanks very much for your response. Your guess sounds spot on.
>
> As you've mentioned, using one sync group works quite well and gives you
> an active/passive LVS cluster (not sure of correct terminology here -
> sorry), thus al
Hi, and thanks very much for your response. Your guess sounds spot on.
As you've mentioned, using one sync group works quite well and gives you
an active/passive LVS cluster (not sure of correct terminology here -
sorry), thus all traffic goes via LVS1, leaving LVS2 not doing much
unless LVS1 fai
On Sun, Apr 08, 2007 at 04:35:53AM +0100, W Agtail wrote:
> Hope you can help.
>
> I have the following setup using LVS (Linux Virtual Servers):
>
> LAN192.168.0.0/24- <= CLIENTS
> | |
> |
Hope you can help.
I have the following setup using LVS (Linux Virtual Servers):
LAN192.168.0.0/24- <= CLIENTS
| |
| |
LVS1LVS2
vip1: 192.1
21 matches