
Re: LVS Routing Method Question

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx, matthew@xxxxxxxxxxx
Subject: Re: LVS Routing Method Question
Cc: piranha-list@xxxxxxxxxx, mack.joseph@xxxxxxx
From: pb <peterbaitz@xxxxxxxxx>
Date: Sat, 14 Dec 2002 10:04:14 -0800 (PST)
Matt,

Thank you again - esp. for the quick response.
Monday I will probably test Direct Routing as noarp
as you said below.  At work we will have a Monday
discussion on all of this... I will give your email
answer on NAT to our network guy and see what he says
- could be he himself was looking at this NAT thing 
somewhat askew/ajar as far as his analysis of it. :)

(And this is all because of NetWare's Web-Portal
LOGIN SCREEN which despite accessing it via
LVS, the login screen tries to use the physical
address of the NetWare server (hardcoded in java
or something).  Otherwise we'd have been done with
this using NAT and letting LVS handle LDAP as well
as the NetWare admin ports, etc. )

Thanks
Peter


--- "Matthew S. Crocker" <matthew@xxxxxxxxxxx> wrote:
> On Sat, 14 Dec 2002, pb wrote:
> 
> > Matt and all,
> >  
> > > What exactly is strict NAT routing?
> > 
> > Our network guy told me about this - I forget the
> > exact term other than he did say "strict NAT routing"
> > and it involved source/destination IP addresses all
> > being re-written in the transmitted packets by the NAT
> > router.  If not all IP addresses are rewritten, it is
> > not true NAT.  Thus, we cannot get a NetWare server
> > with LDAP and 2 network cards (one side on LVS's
> > private network) working with NAT because looking at
> > the contents of the packets it shows it not to be true
> > NAT, as I poorly explained.
> 
> Hrm,  So he wants the source address of the incoming connection to be
> re-written to that of your internal address of your LVS server?  I'm not
> exactly sure why you would want to do this but it can be done.  It is not
> really the job of LVS; it would be handled by an iptables rule.
>
> Basically, use LVS-NAT to re-write the destination IP of the packet to
> that of the real server IP.  This is done as the packet enters the LVS
> router.  Then,  re-write the source IP to that of the LVS internal IP
> address.  This is done by iptables as the packet leaves the router.
>
> The destination of the returning packet gets re-written as the packet
> enters the router on the LVS internal interface.  The source of the return
> packet gets re-written by LVS module as it leaves the router on the LVS
> external interface.  I'm not sure why you wouldn't want to see the real
> source IP at the real servers.
> 
> > Thank you - I will try either direct or tunneling -
> > doesn't one or the other need the real servers to be
> > LINUX boxes or does it matter with those other routing
> > methods???
>
> LVS operates at Layer 3 so it should be transparent to the real server OS.
> You can set up any combination of OS's on the real servers.  With LVS-DR
> just make sure the real servers are NOT arping for the VIP
> 
> -Matt
> 
> -- 
> ----------------------------------------------------------------------
> Matthew S. Crocker
> Vice President / Internet Division         Email: matthew@xxxxxxxxxxx
> Crocker Communications                     Phone: (413) 746-2760
> PO BOX 710                                 Fax:   (413) 746-3704
> Greenfield, MA 01302-0710                  http://www.crocker.com
> ----------------------------------------------------------------------
> 
> 
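
Added example, not part of the thread: a small Python model of the four address rewrites described in the quoted reply (LVS-NAT for the destination, a source-NAT rule for the source), showing what the real server and the client each see. The addresses, the `Director` class and the function names are assumptions constructed for this example.

```python
from dataclasses import dataclass, replace

# Constructed addresses (documentation / private ranges), not from the thread.
VIP = "192.0.2.10"         # virtual service address on the external interface
DIP = "10.0.0.1"           # director's address on the internal interface
REAL_SERVER = "10.0.0.20"  # real server behind the director

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Director:
    def __init__(self):
        self.next_port = 40000
        self.tracked = {}  # internal source port -> (client ip, client port)

    def inbound(self, pkt):
        """Client -> VIP. Returns the packet as the real server receives it."""
        if pkt.dst != VIP:
            raise ValueError("not addressed to the virtual service")
        # Rewrite 1 (LVS-NAT, entering the router): destination VIP -> real server.
        pkt = replace(pkt, dst=REAL_SERVER)
        # Rewrite 2 (source NAT, leaving the router): source client -> internal IP.
        port, self.next_port = self.next_port, self.next_port + 1
        self.tracked[port] = (pkt.src, pkt.sport)
        return replace(pkt, src=DIP, sport=port)

    def outbound(self, pkt):
        """Real server -> DIP. Returns the packet as the client receives it."""
        client = self.tracked.get(pkt.dport)
        if pkt.dst != DIP or client is None:
            raise ValueError("no tracked connection for this reply")
        # Rewrite 3 (entering on the internal side): destination DIP -> client.
        pkt = replace(pkt, dst=client[0], dport=client[1])
        # Rewrite 4 (LVS-NAT, leaving on the external side): source -> VIP.
        return replace(pkt, src=VIP)

def round_trip(client_ip, client_port):
    """Send one request through the director and return (seen_by_server, seen_by_client)."""
    d = Director()
    seen = d.inbound(Packet(client_ip, client_port, VIP, 80))
    reply = Packet(seen.dst, seen.dport, seen.src, seen.sport)
    return seen, d.outbound(reply)
```

In this model the real server only ever sees the director's internal address as the source, so its access logs and any per-client access controls no longer carry the client IP.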

