Re: LVS trhough firewall with IP Tunneling or Direct Routing

[Elton Ramos Carvalho <elton.lista@xxxxxxxxxxxxxxx>]

My network diagram again....

(INTERNET)----eth0_FIREWALL_eth1---SWITCH-----(DMZ)

...eth0 and eth1 is valids IP address in diferents subnets

eth0 X.X.X.X/248  ...firewall and router subnet
eth1 X.X.X.X/240   ....my dmz


Elton Ramos Carvalho wrote:

> Hello,
>
> I have this network diagram....
>                                                                         
>                H.H.H.H
>                            eth0                eth1                   
>            Z.Z.Z.Z  (INTERNET) ---------- 
> FIREWALL---------SWITCH---------(DMZ)
> where....
>
> eth0 and eth1 is valids IP address in diferents subnets
>
> eth0 X.X.X.X/248  ...firewall and router subnet
> eth1 X.X.X.X/240   ....my dmz
>
> H.H.H.H smtp1
> Z.Z.Z.Z   smtp2
>      
>
> I want...
> .....a VIP address that respont to my 2 mail servers(duh)...
> .....that my FIREWALL  act as the DIRECTOR but using "direct routing" 
> or "ip tunneling" (with nat this works fine).
>     Is it possible?
>     I did some tests and when the datagram back to source IP, it stop 
> in eth1 with "martian source" error.
>     >>>>Feb 23 17:54:50 marlin kernel: martian source Y.Y.Y.Y from 
> X.X.X.X, on dev eth1
>     where Y.Y.Y.Y is a ADSL server and X.X.X.X is my VIP in one of my 
> mail servers.
>   
> I will apreciate any help
> Tks in advance
>
> Elton Ramos Carvalho
>
>
>
>
>
>
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users