|
On Mon, Jun 17, 2002 at 02:10:48PM -0700, Peter Mueller wrote:
> > If that is the case, how can that one interface both listen
> > to incoming
> > requests on the public IP's subnet, let's say for the sake of example
> > 66.111.111.111, and then send packets to a real server on the
> > internal subnet,
> > for example 192.168.1.10? Seems to me you can't do that
> > without 2 NICs.
>
> Once again the example you are talking about is LVS-NAT, _NOT_ LVS-DR as you
> reference. LVS-DR involves no NAT/masq/address translation and generally is
> setup on a public IP range for convenience or simplicity.
>
> You're trying to make this too complex. It looks like you are very much
> confusing LVS terms and jumbling your firewall setup in the middle for kicks
> :P. Get out notepad or visio and write down your setup, it will help. Then
> I would proceed as follows...
>
> 1.) setup LVS box for LVS-NAT using configure script from Joseph Mack. Make
> sure you give the LVS box a public IP and a private ip.
But the basic question I have is unanswered even in the the lvs-nat section
of the HOWTO: how is outside traffic supposed to get to a VIP configured
with a live network address if the actual ethernet interface is configured
for a private subnet? Or do I need 2 NICs? But the HOWTO only mentions one
NIC and one VIP...
> 2.) firewall requests going to the public IP to the LVS box if you want;
> just make sure desired traffic actually gets there. I would recommend
> starting with low or no security and after you get it working strengthen
> your setup.
> 3.) drink a beer to celebrate :P
|
