Installation guide
Chapter 9. Setting Up a Red Hat Enterprise Linux LVS Cluster 109
If iptables is active, it displays a set of rules. If rules are present, type the following
command:
/sbin/service iptables stop
If the rules already in place are important, check the contents of
/etc/sysconfig/iptables and copy any rules worth keeping to a safe place before
proceeding.
Below are rules which assign the same firewall mark, 80, to incoming
traffic destined for the floating IP address, n.n.n.n, on ports 80 and 443.
For instructions on assigning the VIP to the public network interface, see
Section 10.6.1 The VIRTUAL SERVER Subsection. Also note that you must log in as
root and load the module for iptables before issuing rules for the first time.
/sbin/modprobe ip_tables
/sbin/iptables -t mangle -A PREROUTING -p tcp \
-d n.n.n.n/32 --dport 80 -j MARK --set-mark 80
/sbin/iptables -t mangle -A PREROUTING -p tcp \
-d n.n.n.n/32 --dport 443 -j MARK --set-mark 80
In the above iptables commands, n.n.n.n should be replaced with the floating IP for
your HTTP and HTTPS virtual servers. The net effect is that any traffic addressed to the
VIP on port 80 or 443 carries firewall mark 80; IPVS matches on that mark rather than
on the port, so both services are handled as one virtual server and forwarded accordingly.
Warning
The commands above will take effect immediately, but do not persist through a reboot
of the system. To ensure network packet filter settings are restored upon reboot, refer to
Section 9.5 Saving Network Packet Filter Settings
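The following shell script is an added example, not part of the Red Hat guide: it wraps the procedure above (back up live rules, load the module, add one MARK rule per port, verify the result) in reviewable functions. The VIP 192.0.2.10, the mark value 80, the iptables binary path and the backup location under /root are placeholder assumptions, not values from the guide.

```shell
#!/bin/sh
# Added example, not part of the Red Hat guide: generate, apply and verify the
# mangle-table MARK rules that give HTTP and HTTPS traffic for one floating IP
# a common firewall mark, so IPVS treats them as a single virtual service.
# Assumptions (placeholders, not from the guide): VIP 192.0.2.10, mark 80,
# iptables at /sbin/iptables and a backup path under /root.

IPTABLES=/sbin/iptables

# fwmark_rules VIP MARK PORT...
# Print the iptables command for each port without executing anything, so the
# rule set can be reviewed (or compared with /etc/sysconfig/iptables) first.
fwmark_rules() {
    vip=$1; mark=$2; shift 2
    for port in "$@"; do
        printf '%s -t mangle -A PREROUTING -p tcp -d %s/32 --dport %s -j MARK --set-mark %s\n' \
            "$IPTABLES" "$vip" "$port" "$mark"
    done
}

# fwmark_rule_count VIP MARK PORT...  ->  number of rules that would be added
fwmark_rule_count() {
    fwmark_rules "$@" | wc -l | tr -d ' '
}

# fwmark_hex MARK -> the hex form that "iptables -L" prints ("MARK set 0x50" for 80)
fwmark_hex() {
    printf '0x%x' "$1"
}

# fwmark_apply VIP MARK PORT...
# Root only, on the LVS router. Backs up any live rules with iptables-save,
# loads ip_tables, appends the rules, then counts how many MARK entries for
# this mark are present in mangle/PREROUTING (expected: one per port).
fwmark_apply() {
    vip=$1; mark=$2; shift 2
    /sbin/iptables-save > "/root/iptables.before-fwmark.$(date +%s)" || return 1
    /sbin/modprobe ip_tables || return 1
    for port in "$@"; do
        "$IPTABLES" -t mangle -A PREROUTING -p tcp -d "$vip/32" \
            --dport "$port" -j MARK --set-mark "$mark" || return 1
    done
    "$IPTABLES" -t mangle -L PREROUTING -n | grep -c "MARK set $(fwmark_hex "$mark")"
}

# Review first, then apply as root:
#   fwmark_rules 192.0.2.10 80 80 443
#   fwmark_apply 192.0.2.10 80 80 443     # prints 2 when both rules are in place
```

The verification step counts MARK entries by the hex value iptables prints, which is why fwmark_hex exists; a count lower than the number of ports means a rule was not added. The rules applied this way are still lost on reboot, so follow Section 9.5 to save them afterwards.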
9.4. FTP In an LVS Cluster
File Transfer Protocol (FTP) is an old and complex multi-port protocol that presents a
distinct set of challenges in a clustered environment. To understand the nature of these
challenges, you must first understand some key things about how FTP works.
9.4.1. How FTP Works
In most other client-server relationships, the client machine opens a connection to
the server on a particular port and the server then responds to the client on that same port. When