Red Hat LINUX VIRTUAL SERVER 4.7 - ADMINISTRATION Przewodnik Instalacji Pobierz pdf (Strona 34)

network packets.

Before creating network packet filter rules, make sure there are no rules already in place. To do this,

open a shell prompt, login as root, and type:

/sbin/service iptables status

If iptables is not running, the prompt will instantly reappear.

If iptables is active, it displays a set of rules. If rules are present, type the following command:

/sbin/service iptables stop

If the rules already in place are important, check the contents of /etc/sysconfig/iptables and

copy any rules worth keeping to a safe place before proceeding.

Below are rules which assign the same firewall mark, 80, to incoming traffic destined for the floating IP

address, n.n.n.n, on ports 80 and 443.

/sbin/m odprobe ip_tables

/sbin/iptables -t m angle -A PREROUTING -p tcp -d n.n.n.n/32 --dport 80 -j

MARK --set-m ark 80

/sbin/iptables -t m angle-A PREROUT ING -p tcp -d n.n.n.n/32 --dport 4 4 3 -j

MARK --set-m ark 80

For instructions on assigning the VIP to the public network interface, see Section 4.6.1, “T he VIRTUAL

SERVER Subsection”. Also note that you must log in as root and load the module for iptables before

issuing rules for the first time.

In the above iptables commands, n.n.n.n should be replaced with the floating IP for your HT TP and

HTTPS virtual servers. T hese commands have the net effect of assigning any traffic addressed to the

VIP on the appropriate ports a firewall mark of 80, which in turn is recognized by IPVS and forwarded

appropriately.

Warning

The commands above will take effect immediately, but do not persist through a reboot of the

system. To ensure network packet filter settings are restored upon reboot, refer to Section 3.6,

“Saving Network Packet Filter Settings”

3.5. Configuring FTP

File Transport Protocol (FT P) is an old and complex multi-port protocol that presents a distinct set of

challenges to an LVS environment. To understand the nature of these challenges, you must first

understand some key things about how FT P works.

3.5.1. How FTP Works

With most other server client relationships, the client machine opens up a connection to the server on a

particular port and the server then responds to the client on that port. When an FTP client connects to

an FTP server it opens a connection to the FT P control port 21. Then the client tells the FT P server

whether to establish an active or passive connection. T he type of connection chosen by the client

Chapter 3. Setting Up LVS

1 2 ... 29 30 31 32 33 34 35 36 37 38 39 ... 58 59

Brak uwag

Red Hat LINUX VIRTUAL SERVER 4.7 - ADMINISTRATION Przewodnik Instalacji Strona 34