Hello,
On Sat, 20 Jan 2001, Ivan Figueredo wrote:
> OK - Is there a web site or book that you can recommend that shows how to
> debug/understand TCP/IP packets?
The RFC documents are your friends:
http://www.ietf.cnri.reston.va.us/rfc.html
The numbers you need:
793 TRANSMISSION CONTROL PROTOCOL
1122 Requirements for Internet Hosts -- Communication Layers
1812 Requirements for IP Version 4 Routers
826 An Ethernet Address Resolution Protocol
man tcpdump can help to understand its output. I don't
remember other documents. Maybe someone else has better
information :)
> >...BTW, the same level of security can be achieved using LVS/DR
> > where the real servers have private addresses as in the NAT setup. Maybe
> > Joe has this info in the HOWTO.
>
> You have anticipated my next question! Thx. this IS the way I will
> eventually need to set it up, as REAL IP addresses on the Internet are
> scarce.
Yes, put the same private addresses in the real servers, the
same def gw IP from the private network and add the VIPs on the loopback
adapter. I don't remember other requirements. By default, when
the devices where the VIPs are defined in the real server are hidden,
this feature does not allow the VIPs to be autoselected by the
kernel as source address for outgoing connections. The VIP can be used
in connections if you bind to the VIP and when the director feeds us
with packets with daddr=VIP. So, if you don't put other publicly
visible IP addresses in the real servers, I don't see a reason why the
NAT setup would be more secure than this one.
> Regards,
>
> Ivan
Regards
--
Julian Anastasov <ja@xxxxxx>