
Re: LVS Routing Method Question

To: pb <peterbaitz@xxxxxxxxx>
Subject: Re: LVS Routing Method Question
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx, <piranha-list@xxxxxxxxxx>, <mack.joseph@xxxxxxx>
From: "Matthew S. Crocker" <matthew@xxxxxxxxxxx>
Date: Sat, 14 Dec 2002 16:14:10 -0500 (EST)
> (And this is all because of NetWare's Web-Portal
> LOGIN SCREEN which despite accessing it via
> LVS, the login screen tries to use the physical
> address of the NetWare server (hardcoded in java
> or something).  Otherwise we'd have been done with
> this using NAT and letting LVS handling LDAP as well
> as the NetWare admin ports, etc. )

This sounds like you might have bigger problems.  If a web browser outside
of the LVS server is being directed to a Netware box inside the server,
and that Netware box is pushing out a java app with its IP address
hardcoded in, you'll have problems with NAT.  You'll have to use LVS-DR so
the Netware uses a public IP address in the java app.  This all seems kind
of silly; the Java app should reference a machine name which you can then
assign IP addresses using a split horizon DNS server.

-Matt



> Thanks
> Peter
> 
> 
> --- "Matthew S. Crocker" <matthew@xxxxxxxxxxx> wrote:
> > On Sat, 14 Dec 2002, pb wrote:
> > 
> > > Matt and all,
> > >  
> > > > What exactly is strict NAT routing?
> > > 
> > > Our network guy told me about this - I forget the exact term other
> > > than he did say "strict NAT routing" and it involved
> > > source/destination IP addresses all being re-written in the
> > > transmitted packets by the NAT router.  If not all IP addresses are
> > > rewritten, it is not true NAT.  Thus, we cannot get a NetWare server
> > > with LDAP and 2 network cards (one side on LVS's private network)
> > > working with NAT because looking at the contents of the packets it
> > > shows it not to be true NAT, as I poorly explained.
> > 
> > Hrm, so he wants the source address of the incoming connection to be
> > re-written to that of your internal address of your LVS server?  I'm
> > not exactly sure why you would want to do this but it can be done.
> > It is not really the job of LVS; it would be handled by an iptables
> > rule.
> > 
> > Basically, use LVS-NAT to re-write the destination IP of the packet to
> > that of the real server IP.  This is done as the packet enters the LVS
> > router.  Then, re-write the source IP to that of the LVS internal IP
> > address.  This is done by iptables as the packet leaves the router.
> > 
> > The destination of the returning packet gets re-written as the packet
> > enters the router on the LVS internal interface.  The source of the
> > return packet gets re-written by LVS module as it leaves the router on
> > the LVS external interface.  I'm not sure why you wouldn't want to see
> > the real source IP at the real servers.
> > 
> > > Thank you - I will try either direct or tunneling - doesn't one or
> > > the other need the real servers to be LINUX boxes or does it matter
> > > with those other routing methods???
> > 
> > LVS operates at Layer 3 so it should be transparent to the real
> > server OS.  You can set up any combination of OS's on the real
> > servers.  With LVS-DR just make sure the real servers are NOT arping
> > for the VIP.
> > 
> > -Matt
> > 
> > -- 
> > ----------------------------------------------------------------------
> > Matthew S. Crocker
> > Vice President / Internet Division         Email: matthew@xxxxxxxxxxx
> > Crocker Communications                     Phone: (413) 746-2760
> > PO BOX 710                                 Fax:   (413) 746-3704
> > Greenfield, MA 01302-0710                  http://www.crocker.com
> > ----------------------------------------------------------------------

-- 
----------------------------------------------------------------------
Matthew S. Crocker 
Vice President / Internet Division         Email: matthew@xxxxxxxxxxx
Crocker Communications                     Phone: (413) 746-2760
PO BOX 710                                 Fax:   (413) 746-3704
Greenfield, MA 01302-0710                  http://www.crocker.com
----------------------------------------------------------------------
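
The four rewrites described in the quoted reply above (destination on entry, source on exit, and the reverse for the reply), traced as an added example that is not part of the original message. All addresses and names are constructed assumptions; the code models only the address fields, not ipvs or iptables themselves.

```python
from dataclasses import dataclass, replace

# Constructed addresses (assumptions, not taken from the thread).
VIP = ("198.51.100.10", 80)   # director, external side
DIP = "10.0.0.1"              # director, internal side
REAL = ("10.0.0.21", 80)      # real server

@dataclass(frozen=True)
class Packet:
    src: tuple
    dst: tuple

class Director:
    """Toy model of the address rewrites only; not ipvs or iptables."""
    def __init__(self):
        self.snat = {}          # (DIP, port) -> original client address
        self.next_port = 50000

    def inbound(self, pkt):
        if pkt.dst != VIP:
            raise ValueError("not addressed to the virtual service")
        pkt = replace(pkt, dst=REAL)            # 1: destination VIP -> real server
        mapped = (DIP, self.next_port)
        self.next_port += 1
        self.snat[mapped] = pkt.src
        return replace(pkt, src=mapped)         # 2: source client -> DIP

    def outbound(self, pkt):
        client = self.snat[pkt.dst]             # unknown flow raises KeyError
        pkt = replace(pkt, dst=client)          # 3: destination DIP -> client
        return replace(pkt, src=VIP)            # 4: source real server -> VIP

def trace(clients):
    """Return (packet seen by real server, reply seen by client) per client."""
    d, out = Director(), []
    for c in clients:
        at_real = d.inbound(Packet(src=c, dst=VIP))
        reply = Packet(src=at_real.dst, dst=at_real.src)
        out.append((at_real, d.outbound(reply)))
    return out

if __name__ == "__main__":
    for at_real, at_client in trace([("203.0.113.7", 40000), ("192.0.2.99", 40000)]):
        print("real server sees", at_real, "| client sees", at_client)
```

Both clients arrive at the real server with the director's internal address as source, so access logs and IP-based ACLs on the real server can no longer tell them apart; the client-to-port mapping exists only on the director.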


