RE: Problems with LVS-NAT and direct routing to network behind LVS.....

To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Problems with LVS-NAT and direct routing to network behind LVS.....
From: "Zachariah Mully" <zmully@xxxxxxxxxxxxxx>
Date: Wed, 29 Aug 2001 15:05:27 -0400
        I think that Joseph was confused by your use of "Direct Routing" which
in the context of LVS means something totally different than what you
        If I understand you correctly you have a route between the DMZ and your
private internal network and the box with the LVS-NAT is routing both
requests from the Internet (traffic that should be load balanced) and
from the internal network (traffic that shouldn't be LB'ed). You need to
read up on either your firewall rules or set up an internal DNS server to
fix your problem as the problem isn't with the LVS, but with how you are
NAT/Masq/Portfw'ing your external ips to the LB'ed RS'es.
        Since you don't mention what you're running (ipchains/iptables), I
can't help you any further than to say this is a lot easier to do if
you're running iptables on the director/router. With ipchains there
isn't any way that I know of to do what you want.

Good luck,

> >
> > I'm still confused.
> > Please restate the problem without using the term "direct routing"
> > and with only 2 connections to the director.
>       Why are You still confused?? I've explained You the
> situation....
> and there is nothing to say more......
>       "Direct routing" means normal ip routing between 2 private
> networks using linux as router, and LVS-NAT to give resources
> to clients
> from internet to one of these network with production servers.....
> and I want to get these machines using their real ip addresses
> ( when I'm in private subnet(developers)...
>       Don't ask me why....I need this configuration....and it works
> fine when LVS-NAT is cleared..(no mappings from real routable
> addresses on
> world interfaces on LVS-NAT box to internal ip addresses in
> But when I turn on ipvsadm rules, all internal ports that are mapped to
> external ips, are blocked! So that's the real problem for me...not a
> network topology......Don't worry about that....just tell
> me...if You know
> how to solve my problem.....
> Pawel Kisiel

