source: branches/fc11-dev/lvs/debian/config/etc/network/if-up.d/iptables @ 2843

Last change on this file since 2843 was 1210, checked in by mitchb, 15 years ago
Merge r1197:1209 from trunk to branches/fc11-dev
  • Property svn:executable set to *
File size: 1.3 KB
RevLine 
[210]1#!/bin/sh
2## Joe Presbrey <presbrey@mit.edu>
[1198]3## Quentin Smith <quentin@mit.edu>
[210]4## SIPB Scripts LVS Firewall marks
5
6iptables -F -t mangle
7
[1198]8# Create a table for regular scripts hosts
9iptables -t mangle -N scripts 2>/dev/null || :
10
11# scripts-vhosts.mit.edu
12iptables -A PREROUTING -t mangle -d 18.181.0.46 -j scripts
[210]13# scripts.mit.edu
[1198]14iptables -A PREROUTING -t mangle -d 18.181.0.43 -j scripts
15# scripts-cert.mit.edu
16iptables -A PREROUTING -t mangle -d 18.181.0.50 -j scripts
[210]17
[1198]18# Send Apache-bound traffic to FWM 2 (load-balanced)
19iptables -A scripts -t mangle -m tcp -m multiport -p tcp --dports 80,443,444 -j MARK --set-mark 2
20# Send SMTP-bound traffic to FWM 3 (load-balanced)
21iptables -A scripts -t mangle -m tcp -p tcp --dport 25 -j MARK --set-mark 3
[1210]22# Send finger-bound traffic to FWM 255 (the LVS director itself)
23iptables -A scripts -t mangle -m tcp -p tcp --dport 78:79 -j MARK --set-mark 255
[1198]24# Send everything else to FWM 1 (primary)
25iptables -A scripts -t mangle -m mark --mark 0 -j MARK --set-mark 1
[965]26
[1198]27# webzephyr.mit.edu is special because its SMTP needs to always go to the primary (FWM 1)
28iptables -A PREROUTING -t mangle -m tcp -m multiport -p tcp -d 18.181.0.49 --dports 80,443,444 -j MARK --set-mark 2
[577]29iptables -A PREROUTING -t mangle -m mark --mark 0 -d 18.181.0.49 -j MARK --set-mark 1
Note: See TracBrowser for help on using the repository browser.