From: Grant Taylor <gtaylor@riverviewtech.net>
To: Mail List - Netfilter <netfilter@vger.kernel.org>
Subject: Re: What's required for a stateful firewall + ipvs in 2.6 kernel?
Date: Wed, 10 Sep 2008 12:03:40 -0500
Message-ID: <48C7FDEC.3060907@riverviewtech.net>
In-Reply-To: <48C7FD16.301@vfive.com>

On 09/10/08 12:00, Brian Ghidinelli wrote:
> That's the issue... there are a lot of posts about LVS and netfilter on
> Austintek.com and other sites but the dates range from 2000 to 2006 or
> so making it hard to figure out what's current.

*nod* This is the case with a lot of things, not just LVS.

> In sysadmining, I don't really like to be the pioneer. :) No one else
> has turned an RHEL box into a Firewall + LVS Director?

I doubt that you are the first, but I don't know that others have
documented things for people to find.

> I believe keepalived synchronizes the LVS connections between ipvs on
> the two boxes. There is a config option "lvs_sync_daemon_interface" for
> this (as I understand it).

Ok...

> This is only half the picture though, and conntrackd appears to solve
> the other half by also keeping netfilter in sync about which connections
> are already established or related so iptables rules don't kill valid
> sessions.

*nod*

> So in the end I suppose the real question is whether or not anyone has
> successfully used the Antefacto patches on RHEL? I will try the
> lvs-users mailing list for that one...

Please follow up with what you find so others searching this archive in
the future will have some information.

> Thanks for the help Grant,

You are welcome.

Grant. . . .