Re: connlimit and LVS

On Wed, 25 Aug 2004 at 00:31, Stuart Clark wrote:
> Hi there..
> 
> I have a LVS setup with two directors direct routing to 4 real
> servers. I have been trying to use the 'connlimit' patch from
> Netfilter patch-o-matic on the director to restrict the number of
> concurrent connections coming into the VIP.  I have not been able to
> get it working with the PREROUTING or FORWARD tables, and was
> wondering if it is due to LVS that connlimit can not seem to track
> connections?
> 

Maybe the problem is that you are using direct routing, which is a
hack to redirect the traffic directly to the routers without passing
through the firewall. I don't really know which tables the traffic
passes through when using direct routing; it should be in the LVS
documentation.

Maybe you would have more luck using the iproute2 system to limit the
traffic using advanced routing or QoS.

-- 
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"


