Installation guide

occur within the length of time specified by the persistence parameter. For more on assigning
persistence to a virtual server, see Section 6.1, “The VIRTUAL SERVER Subsection”.
Unfortunately, the mechanism used to balance the loads on the real servers — IPVS — can
recognize the firewall marks assigned to a packet, but cannot itself assign firewall marks. The
job of assigning firewall marks must be performed by the network packet filter, iptables,
outside of Piranha Configuration Tool.
4.1. Assigning Firewall Marks
To assign firewall marks to a packet destined for a particular port, the administrator must use
iptables.
This section illustrates how to bundle HTTP and HTTPS as an example; however, FTP is
another commonly clustered multi-port protocol. If an LVS is used for FTP services, refer to
Section 5, “Configuring FTP” for configuration details.
The basic rule to remember when using firewall marks is that for every protocol using a firewall
mark in Piranha Configuration Tool there must be a commensurate iptables rule to assign
marks to the network packets.
Before creating network packet filter rules, make sure there are no rules already in place. To do
this, open a shell prompt, log in as root, and type:
/sbin/service iptables status
If iptables is not running, the prompt returns immediately with no rules listed.
If iptables is active, the command displays the loaded rules. If rules are present, type the following command:
/sbin/service iptables stop
Stopping the service flushes every loaded rule and leaves the built-in chains with an ACCEPT
policy, so any protection those rules gave the director is gone until they are reloaded. If the
rules already in place are important, check the contents of /etc/sysconfig/iptables and copy
any rules worth keeping to a safe place before proceeding.
Below are rules which assign the same firewall mark, 80, to incoming traffic destined for the
floating IP address, n.n.n.n, on ports 80 and 443.
/sbin/modprobe ip_tables
/sbin/iptables -t mangle -A PREROUTING -p tcp -d n.n.n.n/32 --dport 80 -j MARK --set-mark 80
/sbin/iptables -t mangle -A PREROUTING -p tcp -d n.n.n.n/32 --dport 443 -j MARK --set-mark 80
For instructions on assigning the VIP to the public network interface, see Section 6.1, “The
VIRTUAL SERVER Subsection”. Also note that you must log in as root and load the module for
iptables before issuing rules for the first time.
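The following shell script is an added example, not code from the Piranha or LVS documentation. It generalizes the two commands above: any list of ports on one VIP gets the same firewall mark, the same rules are also emitted in the format iptables-restore reads from /etc/sysconfig/iptables so they survive a reboot, and the loader refuses to run without root and skips rules that are already present. The VIP 192.0.2.10, the function names, and the use of the iptables -C check (available from iptables 1.4.11 on) are assumptions of this example, not settings from the page.

```shell
#!/bin/sh
# Added example (not from the Piranha/LVS guide). Bundles any number of TCP
# ports on one virtual IP under a single firewall mark, as IPVS requires for a
# multi-port virtual server. 192.0.2.10 and the marks below are placeholders.

# fwmark_rules VIP MARK PORT...
# Prints one mangle/PREROUTING command per port, all carrying the same mark.
fwmark_rules() {
    vip=$1
    mark=$2
    shift 2
    for port in "$@"; do
        printf '/sbin/iptables -t mangle -A PREROUTING -p tcp -d %s/32 --dport %s -j MARK --set-mark %s\n' \
            "$vip" "$port" "$mark"
    done
}

# fwmark_restore_fragment VIP MARK PORT...
# Prints the same rules as a *mangle block in iptables-restore syntax, the
# format the iptables init script loads from /etc/sysconfig/iptables.
fwmark_restore_fragment() {
    vip=$1
    mark=$2
    shift 2
    printf '*mangle\n:PREROUTING ACCEPT [0:0]\n'
    for port in "$@"; do
        printf '%s\n' "-A PREROUTING -p tcp -d $vip/32 --dport $port -j MARK --set-mark $mark"
    done
    printf 'COMMIT\n'
}

# apply_fwmark_rules VIP MARK PORT...
# Loads the rules into the running kernel. Needs root and the ip_tables module.
# iptables -C (assumed available, iptables >= 1.4.11) tests whether the rule is
# already present, so running this twice does not duplicate rules.
apply_fwmark_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_fwmark_rules: must run as root" >&2; return 1; }
    /sbin/modprobe ip_tables || return 1
    vip=$1
    mark=$2
    shift 2
    for port in "$@"; do
        /sbin/iptables -t mangle -C PREROUTING -p tcp -d "$vip/32" --dport "$port" \
            -j MARK --set-mark "$mark" 2>/dev/null \
        || /sbin/iptables -t mangle -A PREROUTING -p tcp -d "$vip/32" --dport "$port" \
            -j MARK --set-mark "$mark" \
        || return 1
    done
}

# Demonstration that needs no root: HTTP and HTTPS bundled under mark 80, first
# as shell commands, then as the persistent iptables-restore fragment.
fwmark_rules 192.0.2.10 80 80 443
fwmark_restore_fragment 192.0.2.10 80 80 443
```

The mark value is arbitrary; what matters is that every port of one virtual server carries the same mark and that the mark matches the one entered in the Piranha Configuration Tool. If /etc/sysconfig/iptables already contains a *mangle block, merge the -A lines into it rather than appending a second block, because iptables-restore flushes a table each time it meets its header.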
In the above iptables commands, n.n.n.n should be replaced with the floating IP for your