|
Hello,
On Fri, 2 Feb 2001, Joseph Mack wrote:
> > So, we need a way to nat the outgoing packets in the real
> > server but only when we access the client's authd.
>
> The packets from the real-server to the client's authd
> come from the VIP on the real-server and not the RIP.
But we need they to leave from the real server with saddr=RIP2.
RIP2 will be used only to connect to remote authd through the director.
We need one RIP2 for each VIP - this will be used in the director
to select the right VIP as maddr for the different RIP2 saddr.
If the director receives packets from the real server with
saddr=VIP they will be masqueraded (martian patch) but when the client
replies the replies will not reach the real server because the
demasquerading will select the VIP as next hop when sending the
packet to the real server and will deliver the packet locally.
This is the reason we prefer these packets to be NAT-ed in the real
server at the moment when they are generated. For the director such
packets (with saddr=RIP2) will be treated as they come from NAT-ed box.
When patched the director will select the right VIP as maddr.
> We fiddle with packets on the real-server
> that come from VIP with ports 1025:65535.
>
> Joe
>
> --
> Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
> contractor to the National Environmental Supercomputer Center,
> mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
Regards
--
Julian Anastasov <ja@xxxxxx>
|
