McAfee FIREWALL 2.10 User Manual Page 21

Router / Default Gateway Configuration
N.B. This is required when no changes have been made to the clients' gateway settings.
Depending on your network configuration, rules must be added to the router/default gateway so that all
HTTP traffic is sent to the VIP on the load balancer. The load balancer then distributes this traffic between
the Web Gateway servers.
Example iptables rules:
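# Client subnet, firewall mark, routing table number and load balancer VIP
CLIENT="192.168.2.0/24"
FWMARK="10"
TABLE="10"
LOADBALANCER="192.168.2.204"
# Mark HTTP (TCP port 80) packets coming from the client subnet
iptables -t mangle -A PREROUTING -s $CLIENT -p tcp -m tcp --dport 80 -j MARK --set-mark $FWMARK
# Rebuild the dedicated table with a single default route via the load balancer
ip route flush table $TABLE
ip route add default via $LOADBALANCER dev eth3 table $TABLE
# Send marked packets to the dedicated table
ip rule add fwmark $FWMARK table $TABLE
ip route flush cache
ip route show table $TABLE
# Default gateway in the normal routing table
route add default gw 192.168.2.1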
This example uses policy routing via firewall marks. It works by first selecting and marking the packets we
want to be sent to the proxy, i.e. all packets on port 80. Then, when the kernel makes a routing
decision, the marked packets are not routed using the normal routing table but via table 10 in this case.
Table 10 has only one entry: route packets to the Web Gateway.
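To confirm that the three pieces described above (the mark rule, the ip rule and table 10) are actually in place, the following added example, which is not part of the original manual, checks captured command output. The sample outputs and the function names has_line and check_policy_routing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the manual): audit the fwmark policy-routing setup.
# Values mirror the manual's variables; the command outputs below are constructed.
CLIENT="192.168.2.0/24"; FWMARK="10"; TABLE="10"; LOADBALANCER="192.168.2.204"

# Constructed output of: iptables -t mangle -S PREROUTING
MANGLE_SAMPLE='-P PREROUTING ACCEPT
-A PREROUTING -s 192.168.2.0/24 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0xa/0xffffffff'
# Constructed output of: ip rule show
RULE_SAMPLE='0:	from all lookup local
32765:	from all fwmark 0xa lookup 10
32766:	from all lookup main
32767:	from all lookup default'
# Constructed output of: ip route show table 10
ROUTE_SAMPLE='default via 192.168.2.204 dev eth3'

# has_line TEXT GLOB: succeed if any line of TEXT (trailing spaces trimmed) matches GLOB.
has_line() {
    while IFS= read -r line; do
        line=${line%"${line##*[! ]}"}
        case $line in $2) return 0 ;; esac
    done <<EOF
$1
EOF
    return 1
}

# check_policy_routing MANGLE RULES ROUTES: print each problem, return the problem count.
check_policy_routing() {
    hexmark=$(printf '0x%x' "$FWMARK")   # iptables and ip print marks in hex
    problems=0
    # 1. Port-80 traffic from the client subnet must be marked.
    has_line "$1" "-A PREROUTING -s $CLIENT -p tcp *--dport 80 -j MARK --set-xmark $hexmark/*" ||
        { echo "no MARK rule for $CLIENT tcp/80"; problems=$((problems + 1)); }
    # 2. Marked packets must be looked up in the dedicated table.
    has_line "$2" "*fwmark $hexmark lookup $TABLE" ||
        { echo "no ip rule sending fwmark $hexmark to table $TABLE"; problems=$((problems + 1)); }
    # 3. The table must hold exactly one route: default via the load balancer.
    #    A lookup in an empty table finds no route, so rule processing moves on
    #    to the main table and marked HTTP traffic bypasses the Web Gateway.
    routes=$(printf '%s\n' "$3" | grep -c . || true)
    if [ "$routes" -ne 1 ] || ! has_line "$3" "default via $LOADBALANCER dev *"; then
        echo "table $TABLE is not a single default route via $LOADBALANCER"
        problems=$((problems + 1))
    fi
    return "$problems"
}

check_policy_routing "$MANGLE_SAMPLE" "$RULE_SAMPLE" "$ROUTE_SAMPLE" && echo "policy routing OK"
```

On a live router, pass the real output of the three commands named in the comments instead of the constructed samples.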
Client Configuration
If rules are configured on the router as described in the section above, no client changes are required. If such
rules are not configured, then the default gateway on the client PCs must be modified to be the load
balancer.