From: Harald Welte <laforge@netfilter.org>
To: jamal <hadi@cyberus.ca>
Cc: Linux Netdev List <netdev@oss.sgi.com>,
Netfilter Development Mailinglist
<netfilter-devel@lists.netfilter.org>,
lmb@suse.de
Subject: Re: [PATCH 2.6] iptables CLUSTERIP target, seq_file version
Date: Thu, 21 Oct 2004 20:03:24 +0200 [thread overview]
Message-ID: <20041021180324.GL3551@sunbeam.de.gnumonks.org> (raw)
In-Reply-To: <1098380650.1031.82.camel@jzny.localdomain>
[-- Attachment #1: Type: text/plain, Size: 1046 bytes --]
On Thu, Oct 21, 2004 at 01:44:11PM -0400, jamal wrote:
>
> Sorry, couldnt resist - so out of hiding for just a few seconds; should
> be able to achieve this much simpler with gact.
One of the issues that CLUSTERIP needed to do is to work with
locally-originated connections, i.e. every node within the cluster still
has to be able to open tcp connections to anywhere.
We currently catch this with connection tracking, which will assign all
reply packets to such outbound connections INVALID on all but the
originating node in the cluster.
Yes, I know, this sounds like a very strange setup. Still it was one of
the requirements for it's implementation.
--
- Harald Welte <laforge@netfilter.org> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2004-10-21 18:03 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-10-20 22:38 [PATCH 2.6] iptables CLUSTERIP target Harald Welte
2004-10-20 23:18 ` YOSHIFUJI Hideaki / 吉藤英明
2004-10-21 4:40 ` David S. Miller
2004-10-21 7:44 ` Christoph Hellwig
2004-10-21 7:55 ` Christoph Hellwig
2004-10-21 9:12 ` Harald Welte
2004-10-21 9:40 ` Herbert Xu
2004-10-21 11:05 ` bert hubert
2004-10-21 13:03 ` Harald Welte
2004-10-21 13:33 ` Lars Marowsky-Bree
2004-10-21 14:25 ` Harald Welte
2004-10-21 15:08 ` bert hubert
2004-10-21 21:31 ` Allowing netlink_family to be any integer (was: [PATCH 2.6] iptables CLUSTERIP target) Herbert Xu
2004-10-21 22:53 ` Thomas Graf
2004-10-21 23:02 ` Allowing netlink_family to be any integer Ben Greear
2004-10-22 12:25 ` Allowing netlink_family to be any integer (was: [PATCH 2.6] iptables CLUSTERIP target) Herbert Xu
2004-10-22 12:53 ` jamal
2004-10-22 11:29 ` jamal
2004-10-22 11:39 ` Herbert Xu
2004-10-22 12:19 ` jamal
2004-10-22 12:32 ` Evgeniy Polyakov
2004-10-22 23:05 ` David S. Miller
2004-10-22 23:16 ` Herbert Xu
2004-10-26 3:27 ` David S. Miller
2004-10-21 16:36 ` [PATCH 2.6] iptables CLUSTERIP target, seq_file version Harald Welte
2004-10-21 17:44 ` jamal
2004-10-21 18:03 ` Harald Welte [this message]
2004-10-21 18:41 ` Henrik Nordstrom
2004-10-22 5:52 ` David S. Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20041021180324.GL3551@sunbeam.de.gnumonks.org \
--to=laforge@netfilter.org \
--cc=hadi@cyberus.ca \
--cc=lmb@suse.de \
--cc=netdev@oss.sgi.com \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).