|
Hi
> hmm, the VIP(s) should all face the outside world. There shouldn't be one
> on the inside ethernet device.
I think there needs to be one on the inside so that default route
(gateway) is brought up on the second server if the first fails. Otherwise
the real servers would need to be configured with the new gateway ip when
the backup kicked in.
> The realservers are isolated from the outside world by design as a
> security
> measure. There should be no two way direct connection between client(s)
> and realservers.
> You're breaking the security, which you can do if you wish,
> but just be aware that you've done it and why you've done it.
I need the real server to be able to access the outside world, to download
updates and do DNS etc. I agree there should be no direct way for the
clinet to connect to the real servers. Is NAT on the director (gateway)
the way to let the real servers make a connection to outside. The
connection would then appear to have come from the director.
Andy
> --
> Joseph Mack PhD, High Performance Computing & Scientific Visualization
> SAIC, Supporting the EPA Research Triangle Park, NC 919-541-0007
> Federal Contact - John B. Smith 919-541-1087 - smith.johnb@xxxxxxx
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>
|
