Context Navigation

iptables @ 1199

Last change on this file since 1199 was 1199, checked in by quentin, 15 years ago
Give finger port to the LVS directors
Property svn:executable set to ``*
File size: 1.3 KB

Rev	Line
[210]	1	#!/bin/sh
	2	## Joe Presbrey <presbrey@mit.edu>
[1184]	3	## Quentin Smith <quentin@mit.edu>
[210]	4	## SIPB Scripts LVS Firewall marks
	5
	6	iptables -F -t mangle
	7
[1184]	8	# Create a table for regular scripts hosts
	9	iptables -t mangle -N scripts 2>/dev/null \|\| :
	10
	11	# scripts-vhosts.mit.edu
	12	iptables -A PREROUTING -t mangle -d 18.181.0.46 -j scripts
[210]	13	# scripts.mit.edu
[1184]	14	iptables -A PREROUTING -t mangle -d 18.181.0.43 -j scripts
	15	# scripts-cert.mit.edu
	16	iptables -A PREROUTING -t mangle -d 18.181.0.50 -j scripts
[210]	17
[1184]	18	# Send Apache-bound traffic to FWM 2 (load-balanced)
	19	iptables -A scripts -t mangle -m tcp -m multiport -p tcp --dports 80,443,444 -j MARK --set-mark 2
	20	# Send SMTP-bound traffic to FWM 3 (load-balanced)
	21	iptables -A scripts -t mangle -m tcp -p tcp --dport 25 -j MARK --set-mark 3
[1199]	22	# Send finger-bound traffic to FWM 255 (the LVS director itself)
	23	iptables -A scripts -t mangle -m tcp -p tcp --dport 79 -j MARK --set-mark 255
[1184]	24	# Send everything else to FWM 1 (primary)
	25	iptables -A scripts -t mangle -m mark --mark 0 -j MARK --set-mark 1
[965]	26
[1184]	27	# webzephyr.mit.edu is special because its SMTP needs to always go to the primary (FWM 1)
	28	iptables -A PREROUTING -t mangle -m tcp -m multiport -p tcp -d 18.181.0.49 --dports 80,443,444 -j MARK --set-mark 2
[577]	29	iptables -A PREROUTING -t mangle -m mark --mark 0 -d 18.181.0.49 -j MARK --set-mark 1

Note: See TracBrowser for help on using the repository browser.