Ivan Figueredo wrote:
>
> I also am not able to ftp to realserver from client.
When you set up your masq rules with ipchains on the director,
you probably masqueraded all ports. This means that any packets
coming from the real-servers will be masqueraded, even if they
aren't from services that have been LVS'ed on the way in.
Neat security feature huh? You can't connect to any services
on the real-servers, except those that have been LVS'ed :-(

Instead, for each service that is being LVS'ed, on the director you
set up masquerading by running a line like this.

director:# ipchains -A forward -p tcp -j MASQ -s realserver_name service -d 0.0.0.0/0

where service = telnet, http

My configure script (on the web site) does this for you.
It doesn't handle the 1 net VS-NAT LVS (yet). To do this
you'll need to run the send_redirects on the director,
and set up the routes on the real-server(s) first.
Joe
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
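
The following is an added example, not part of the original message and not the LVS configure script: a check that reads a director's ipchains rule script and separates blanket MASQ rules (all ports) from the per-service form shown in the reply. The names rs1 and rs2 and the sample rule lines are constructed; it assumes one rule per line, written as typed, with no "!" negation.

```shell
#!/bin/sh
# Added example: audit ipchains forward rules for blanket masquerading.
# SAMPLE_RULES is constructed input; rs1/rs2 are hypothetical real-servers.
SAMPLE_RULES='ipchains -A forward -j MASQ -s rs1 -d 0.0.0.0/0
ipchains -A forward -p tcp -j MASQ -s rs1 telnet -d 0.0.0.0/0
ipchains -A forward -p tcp -j MASQ -s rs2 http -d 0.0.0.0/0
ipchains -A forward -p tcp -j MASQ -s rs2 -d 0.0.0.0/0'

# classify_masq_rules: read rule lines on stdin and print, per MASQ rule,
#   "BLANKET <source>"        when -s carries no port/service
#   "SERVICE <source> <port>" when the rule is limited to one service
classify_masq_rules() {
    awk '
    {
        masq = 0; src = ""; port = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-j" && $(i + 1) == "MASQ") masq = 1
            if ($i == "-s") {
                src = $(i + 1)
                # ipchains syntax is "-s address [port]": a following token
                # that is not another option is the port or service name
                if (i + 2 <= NF && $(i + 2) !~ /^-/) port = $(i + 2)
            }
        }
        if (!masq) next            # ignore non-MASQ rules
        if (port == "") print "BLANKET", src
        else            print "SERVICE", src, port
    }'
}

# count_blanket: number of MASQ rules on stdin that cover all ports
count_blanket() {
    classify_masq_rules | awk '$1 == "BLANKET" { n++ } END { print n + 0 }'
}

# Stand-alone run over the constructed sample
printf '%s\n' "$SAMPLE_RULES" | classify_masq_rules
```
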