Firewall marking service

 

The firewall tag can only define multiple services as the same class. How can we define all future requests from the same client to the same realserver? Use LVS persitence

 

Assume that a specific request, such as http and mail, of a specific client cip, is directed to the same realserver. The firewall should be marked on Director.

 

1. director:

 

Iptables-A mangle-t PREROUTING-I eth0-d $ vip-p tcp -- dprot 80-j MARK -- set-mark 20

 

Iptables-A mangle-t PREROUTING-I eth0-d $ vip-p tcp -- dprot 110-j MARK -- set-mark 20

 

// Immediately mark the incoming request

 

Ipvsadm-A-f 20-s rr-p

 

// Add a cluster service and specify it as the firewall editing type. Use the wheel call algorithm and specify the default timeout value, that is, persistent connection.

 

Ipvsadm-a-f 20-r $ Rip1-g

 

// Add the realserver and define it as the DR Model

 

Ipvsadm-a-f 20-r $ Rip2-g

 

 

 

 

 

This article is from the "Beryl" blog