No subject


Wed Oct 31 03:56:24 EST 2007


I have my system all up and running.  I'm trying to turn on the Linux
firewall (iptables) on my realserver but am lost as to what to use when
using a TUNL0 setup.

If I access my web server by its RIP address it works fine, but when I go
through the VIP address I get the following from tcpdump:

12:43:07.786903 IP xx.xx.xx.17 > yy.yy.yy.194: IP zz.zz.zz.68.28538 > xx.xx.xx.218.http: S 1722808321:1722808321(0) win 8192 <mss 1452,nop,wscale 2,nop,nop,sackOK> (ipip-proto-4)
12:43:07.786920 IP yy.yy.yy.194 > xx.xx.xx.17: icmp 80: host xx.xx.xx.194 unreachable - admin prohibited

I'm using tunneling.

VIP address is        xx.xx.xx.218
PIP address is        xx.xx.xx.17
RIP address is        yy.yy.yy.194
CIP address is        zz.zz.zz.68

From what I read I should be using the following on my RealServer:

iptables -t nat -A PREROUTING -d xx.xx.xx.218 -p tcp --dport 0:65535 -j REDIRECT

Most of what I have found on the net is talking about redirecting ports
and stuff like that.  I want a simple rule to allow the DIRECTOR to send
the packets to the REALSERVER to be processed and the REALSERVER firewall
to pass them through.

If I turn off the firewall on the realserver I can access the web site
from the VIP address.

Thanks
Andy
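
Added example, not part of the original message: the tcpdump output above shows an IP-in-IP (protocol 4) packet from the director being rejected by the realserver firewall, so this sketch prints the two INPUT rules such a setup needs, one for the outer tunnel packet and one for the decapsulated packet on tunl0. The function names are hypothetical, the addresses in the usage comment are constructed documentation addresses, and using -I (insert) assumes the existing reject rule sits earlier in INPUT than an appended rule would.

```shell
#!/bin/sh
# Added example: prints realserver INPUT rules for an LVS-TUN (IPIP) setup.
# Function names are hypothetical; addresses are supplied by the caller.

# Succeeds only for a dotted-quad IPv4 address with octets in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# $1 director address (outer source), $2 RIP (outer destination),
# $3 VIP (inner destination), $4 TCP port of the service.
realserver_tun_rules() {
    dip=$1 rip=$2 vip=$3 port=$4
    for addr in "$dip" "$rip" "$vip"; do
        is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 1; }
    # Outer packet: IP-in-IP (protocol 4), accepted only from the director.
    echo "iptables -I INPUT -p 4 -s $dip -d $rip -j ACCEPT"
    # Inner packet: after decapsulation it re-enters INPUT on tunl0,
    # addressed to the VIP; accept only the service port.
    echo "iptables -I INPUT -i tunl0 -d $vip -p tcp --dport $port -j ACCEPT"
}

# Print the rules when called with four arguments, e.g. (constructed values):
#   sh tun-rules.sh 192.0.2.17 198.51.100.194 192.0.2.218 80
if [ "$#" -eq 4 ]; then
    realserver_tun_rules "$@"
fi
```

The script only prints the commands; review them against the existing ruleset before running them as root on the realserver.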


More information about the Ultramonkey-users mailing list