|
>>>>> "Wayne" == Wayne <wayne@xxxxxxxxxxxxxxx> writes:
Wayne> Is there easy way to let the server in NAT mode to go out
Wayne> as the farm IP address?
Easy? No.
Julian's kernel patch to selectively allow Martian packets would go a
long way to giving you what you want, though. Basicly, the patch
allows VS-DR routing when the only out-bound route the real servers
have is the VS box itself. It does this by disabling the Martian
checking code when rp_filter = 0. You would set rp_filer of the
inside interface *only*, convert from VS-NAT to VS-DR and then get the
real servers to initiate traffic using the VIP. I have this working
for Samba at least.
Of course, if you can't set the source address in the application
you're using all of this is moot. :/
--
Stephen
"Farcical aquatic ceremonies are no basis for a system of government!"
|
