On Sat, Apr 28, 2001 at 07:29:12AM +0200, Alois Treindl wrote:
> Help needed
> This is the first time that I setup a LVS system, and
> the first time that I setup a Linux firewall/packet filter.
> Before that; I have setup packet filters only on Cisco routers; my
> main work experience is with HPUX and not Linux.
> Is my design prudent, and will it work?
> (I chose this so that I do not need a separate firewall box).
Your design looks essentially sound to me, though you may want to consider
moving the RDBMs to a dedicated server. I'm not clear where the NFS server
is I assume this is to be w1 as well. This to might be better on a
It looks to me that the design should be reasonably straight forward to
implement, and should work quite well.
> I would appreciate detailed help on configuring both,
> the LVS configuration and the firewall/ipchains configuration.
I think the level of help you're after is beyond the scope of an email to a
list (hence I agree with your subsequent email offering to pay for help).
The LVS-mini-HOWTO and LVS-HOWTO, both available on
www.linuxvirtualserver.org provide good information on how to configure
LVS. www.ultramonkey.org has more configuration information and
prebuild/tested packages for deploying such systems.
As for ipchains, I would suggest "ipchains -P forward DENY" is a good
start. Beyond that you should also look at filtering packets on the input
chain to protect the Linux Director itself.