Ignore:
Timestamp:
Jun 9, 2009, 2:32:18 PM (15 years ago)
Author:
quentin
Message:
Change the LVS configuration to use the same source hashing; FWM 1 is the same as before, FWM 2 is Apache-bound traffic, and FWM 3 is Postfix-bound traffic
File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/lvs/debian/config/etc/network/if-up.d/iptables

    r1005 r1184  
    11#!/bin/sh
    22## Joe Presbrey <presbrey@mit.edu>
     3## Quentin Smith <quentin@mit.edu>
    34## SIPB Scripts LVS Firewall marks
    45
    56iptables -F -t mangle
    67
     8# Create a table for regular scripts hosts
     9iptables -t mangle -N scripts 2>/dev/null || :
     10
     11# scripts-vhosts.mit.edu
     12iptables -A PREROUTING -t mangle -d 18.181.0.46 -j scripts
    713# scripts.mit.edu
    8 iptables -A PREROUTING -t mangle -m tcp -m multiport -p tcp -d 18.181.0.46/31 --dports 25,80,443,444 -j MARK --set-mark 2
    9 iptables -A PREROUTING -t mangle -m mark --mark 0 -d 18.181.0.46/31 -j MARK --set-mark 1
     14iptables -A PREROUTING -t mangle -d 18.181.0.43 -j scripts
     15# scripts-cert.mit.edu
     16iptables -A PREROUTING -t mangle -d 18.181.0.50 -j scripts
    1017
    11 # scripts-new.mit.edu
    12 iptables -A PREROUTING -t mangle -m tcp -m multiport -p tcp -d 18.181.0.43 --dports 25,80,443,444 -j MARK --set-mark 2
    13 iptables -A PREROUTING -t mangle -m mark --mark 0 -d 18.181.0.43 -j MARK --set-mark 1
     18# Send Apache-bound traffic to FWM 2 (load-balanced)
     19iptables -A scripts -t mangle -m tcp -m multiport -p tcp --dports 80,443,444 -j MARK --set-mark 2
     20# Send SMTP-bound traffic to FWM 3 (load-balanced)
     21iptables -A scripts -t mangle -m tcp -p tcp --dport 25 -j MARK --set-mark 3
     22# Send everything else to FWM 1 (primary)
     23iptables -A scripts -t mangle -m mark --mark 0 -j MARK --set-mark 1
    1424
    15 # scripts-cert.mit.edu
    16 iptables -A PREROUTING -t mangle -m tcp -m multiport -p tcp -d 18.181.0.50/31 --dports 25,80,443,444 -j MARK --set-mark 2
    17 iptables -A PREROUTING -t mangle -m mark --mark 0 -d 18.181.0.50/31 -j MARK --set-mark 1
    18 
    19 # webzephyr.mit.edu
    20 iptables -A PREROUTING -t mangle -m tcp -m multiport -p tcp -d 18.181.0.49 --dports 80,443 -j MARK --set-mark 2
     25# webzephyr.mit.edu is special because its SMTP needs to always go to the primary (FWM 1)
     26iptables -A PREROUTING -t mangle -m tcp -m multiport -p tcp -d 18.181.0.49 --dports 80,443,444 -j MARK --set-mark 2
    2127iptables -A PREROUTING -t mangle -m mark --mark 0 -d 18.181.0.49 -j MARK --set-mark 1
Note: See TracChangeset for help on using the changeset viewer.