Finally, I got it.
RealServer talks to the firewall with eth0, not the VIP.
Thank you.
JWD
From: JWD
Sent: 2015-09-08 14:31
To: Aaron West; lvs-users
Subject: Re: [lvs-users] Will the half-connections of LVS TUNEL/DR mode be blocked by a firewall?
Hi,
Thank you for your reply.
I am still confused.
Think about this:
Client ----> FireWall(find MAC of LVS) ----> LVS(find MAC of RealServer) ----> RealServer(response with MAC of RealServer) ----> FireWall(What MAC of VIP in ARP table?)
My question is, at the last step:
Will the firewall check the MAC of the VIP? Or ignore it?
What is the MAC of the VIP in the firewall's ARP table? The MAC of LVS? Or the MAC of RealServer?
JWD
From: Aaron West
Sent: 2015-09-08 05:57
To: LinuxVirtualServer.org users mailing list.; j-wd
Subject: Re: [lvs-users] Will the half-connections of LVS TUNEL/DR mode be blocked by a firewall?
Hi,
I hope you don't mind me trying to answer in English.
If the question is will the firewall drop the packet if IP spoofing protection is enabled then I suspect the answer is yes. The reply will come from the real server's MAC address but sourced from the VIP address so I'd recommend disabling any spoofing protection.
Hope that helps.
Aaron West
Loadbalancer.org Limited
+44 (0)330 380 1064
www.loadbalancer.org
2015-09-05 9:00 GMT+01:00 JWD <j-wd@163.com>:
看了LVS的文档,觉得TUNEL/DR模å¼çš„åŠè¿žæŽ¥åº”该算是IP欺骗,这ç§æ–¹å¼ä¼šè¢«é˜²æŠ¤å¢™æ‹¦æˆªå—?
还是说åªè¦æ•°æ®åŒ…里的æºIP/ç›®æ ‡IP/åºåˆ—å·å¯¹çš„上å·ï¼Œä¼šè¯å°±ä¸ä¼šæœ‰é—®é¢˜ï¼Ÿ
--------------
JWD
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to
http://lists.graemef.net/mailman/listinfo/lvs-users
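
The return path discussed in this thread, as an added example that is not part of the original messages: a small Python model of the LVS-DR flow and of a firewall whose spoofing protection is assumed to be an IP-to-MAC binding check. The addresses, the `Firewall` class and the assumption that the firewall has learned the director's MAC for the VIP are all constructed for illustration.

```python
from dataclasses import dataclass

# All addresses below are constructed sample values.
VIP = "192.0.2.10"
CLIENT = "198.51.100.7"
MAC_FW = "02:00:00:00:00:01"
MAC_DIRECTOR = "02:00:00:00:00:02"
MAC_REALSERVER = "02:00:00:00:00:03"   # eth0 of the real server

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str

def director_forward(frame):
    """LVS-DR: rewrite only the layer-2 addresses, leave the IP header alone."""
    return Frame(MAC_DIRECTOR, MAC_REALSERVER, frame.src_ip, frame.dst_ip)

def realserver_reply(request):
    """The real server answers with the VIP as source IP, but the frame leaves
    eth0, so it carries eth0's MAC and goes straight to the firewall."""
    return Frame(MAC_REALSERVER, MAC_FW, request.dst_ip, request.src_ip)

class Firewall:
    """Hypothetical firewall whose anti-spoofing check is an IP-to-MAC binding."""
    def __init__(self, enforce_binding):
        self.enforce_binding = enforce_binding
        # Assumption: only the director answers ARP for the VIP.
        self.arp_table = {VIP: MAC_DIRECTOR}

    def to_vip(self, src_ip):
        return Frame(MAC_FW, self.arp_table[VIP], src_ip, VIP)

    def accept_from_lan(self, frame):
        learned = self.arp_table.get(frame.src_ip)
        mismatch = learned is not None and learned != frame.src_mac
        return not (self.enforce_binding and mismatch)

def run_flow(enforce_binding):
    fw = Firewall(enforce_binding)
    reply = realserver_reply(director_forward(fw.to_vip(CLIENT)))
    return reply, fw.accept_from_lan(reply)

if __name__ == "__main__":
    for enforce in (True, False):
        reply, ok = run_flow(enforce)
        print(f"binding check={enforce}: {reply} -> {'forward' if ok else 'drop'}")
```
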