LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

RE: Direct Routing from behind a firewall?

from [Bowie Bailey] [Permanent Link]
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: RE: Direct Routing from behind a firewall?
From: Bowie Bailey <Bowie_Bailey@xxxxxxx>
Date: Thu, 26 Jul 2001 15:36:48 -0400 
If you have a public IP for your VIP, then you don't have to worry about it.

If your VIP is a private IP, then you have to setup your router/firewall so
that a public IP will be redirected to the VIP so that external Internet
users can get to it.

Bowie

> -----Original Message-----
> From: Ricardo Kleemann [SMTP:ricardo@xxxxxxxxxxx]
> Sent: Thursday, July 26, 2001 3:34 PM
> To:   lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Subject:      RE: Direct Routing from behind a firewall?
> 
> I guess you've confused me ;-)
> 
> What/How do I map to the VIP ?
> 
> 
> On Thu, 26 Jul 2001, Bowie Bailey wrote:
> 
> > oops...you're right.
> > 
> > What I should have said was that you need a map to the VIP.
> > 
> > Bowie
> > 
> > > -----Original Message-----
> > > From:     Zachariah Mully [SMTP:zmully@xxxxxxxxxxxxxx]
> > > Sent:     Thursday, July 26, 2001 3:27 PM
> > > To:       lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > > Subject:  RE: Direct Routing from behind a firewall?
> > > 
> > > 
> > >   Why would you need to map public IP's to the RS's if the replies are
> > > coming back to the VIP? The only reason you would need the RIP's
> mapped
> > > to PIP's would be for maintenance (then you'd probably be better off
> > > allowing external access to one box in the cluster from which you can
> > > hit the rest).
> > >   My LVS-DR works fine without RS's having public IP's. There's no
> > > need
> > > for them.
> > > 
> > > Z
> > > 
> > > > -----Original Message-----
> > > > From: lvs-users-admin@xxxxxxxxxxxxxxxxxxxxxx
> > > > [mailto:lvs-users-admin@xxxxxxxxxxxxxxxxxxxxxx]On Behalf Of
> > > > Bowie Bailey
> > > > Sent: Thursday, July 26, 2001 3:11 PM
> > > > To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > > > Subject: RE: Direct Routing from behind a firewall?
> > > >
> > > >
> > > > It works just find from behind a firewall.  Your firewall
> > > > will need to map a
> > > > public IP to your real server's private IP and your real
> > > > server will need a
> > > > path back out to the firewall.
> > > >
> > > > Bowie
> > > >
> > > > > -----Original Message-----
> > > > > From: Ricardo Kleemann [SMTP:ricardo@xxxxxxxxxxx]
> > > > > Sent: Thursday, July 26, 2001 3:06 PM
> > > > > To:   lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > > > > Subject:      Direct Routing from behind a firewall?
> > > > >
> > > > >
> > > > > Hi,
> > > > >
> > > > > Is it possible to do DR from behind a firewall? I mean the
> > > > idea of DR is
> > > > > that the real server maintains a direct connection... but
> > > > if the real
> > > > > server "really" has a private IP behind a firewall, does
> > > > that create an
> > > > > issue with DR ?
> > > > >
> > > > > I'm a little confused about that, but I would like to use DR
> > > > >
> > > > > Thanks
> > > > > Ricardo
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > LinuxVirtualServer.org mailing list -
> > > > lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > > > > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > > > > or go to http://www.in-addr.de/mailman/listinfo/lvs-users
> > > >
> > > > _______________________________________________
> > > > LinuxVirtualServer.org mailing list -
> lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > > > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > > > or go to http://www.in-addr.de/mailman/listinfo/lvs-users
> > > >
> > > 
> > > 
> > > _______________________________________________
> > > LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > > or go to http://www.in-addr.de/mailman/listinfo/lvs-users
> > 
> > _______________________________________________
> > LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > or go to http://www.in-addr.de/mailman/listinfo/lvs-users
> > 
> 
> 
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users



        Note 1 & 3
   IRIX 6.5.9        no                        Note 1
   IRIX 6.5.10       no                        Note 2
   IRIX 6.5.11       no                        Note 4


   NOTES

     1) This version of the IRIX operating has been retired.
        Upgrade to an actively supported IRIX operating system.
        See http://support.sgi.com/news/support/index.html#customer_letters
        for more information.

     2) This version of the IRIX operating system is in maintenance mode.
        Upgrade to an actively supported IRIX operating system.
        See http://support.sgi.com/news/support/index.html#customer_letters
        for more information.

     3) See "Temporary Solution" section.

     4) Download the latest IRIX 6.5 Maintenance Release from the URL:
        http://support.sgi.com/colls/patches/tools/relstream/index.html
        or contact your local SGI support provider to obtain the
        latest IRIX 6.5 Maintenance Release CD set.


Patches are available via the web, anonymous FTP and from your SGI
service/support provider.

SGI Security Advisories can be found at:
http://www.sgi.com/support/security/ and
ftp://patches.sgi.com/support/free/security/advisories/

SGI Security Patches can be found at:
http://www.sgi.com/support/security/ and
ftp://patches.sgi.com/support/free/security/patches/

SGI patches for IRIX can be found at the following patch servers:
http://support.sgi.com/irix/ and ftp://patches.sgi.com/

SGI freeware updates for IRIX can be found at:
http://freeware.sgi.com/

SGI fixes for SGI open sourced code can be found on:
http://oss.sgi.com/projects/

SGI patches and RPMs for Linux can be found at:
http://support.sgi.com/linux/ or
http://oss.sgi.com/projects/sgilinux-combined/download/security-fixes/

SGI patches for Windows NT or 2000 can be found at:
http://support.sgi.com/nt/

IRIX 5.2-6.4 Recommended/Required Patch Sets can be found at:
http://support.sgi.com/irix/ and ftp://patches.sgi.com/support/patchset/

IRIX 6.5 Maintenance Release Streams can be found at:
http://support.sgi.com/colls/patches/tools/relstream/index.html

IRIX 6.5 Software Update CDs can be obtained from:
http://support.sgi.com/irix/swupdates/

The primary SGI anonymous FTP site for security advisories and patches
is patches.sgi.com (216.32.174.211).  Security advisories and patches
are located under the URL ftp://patches.sgi.com/support/free/security/

For security and patch management reasons, ftp.sgi.com (mirrors
patches.sgi.com security FTP repository) lags behind and does not
do a real-time update.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Direct Routing from behind a firewall?, Ricardo Kleemann
Next by Date:  RE: Direct Routing from behind a firewall?, Matthew S. Crocker
Previous by Thread:  RE: Direct Routing from behind a firewall?, Ricardo Kleemann
Next by Thread:  more: G'dai eh from Ottawa, Joseph Mack
Indexes:  [Date] [Thread] [Top] [All Lists]