This is an old topic, which has been handled by turning off
identd requests on real-servers. I'm wondering if there might
be a workaround.

Explanation of problem:

With a VS-NAT LVS, services running under identd (e.g. sendmail), or
under tcpwrappers successfully make requests to the LVS client's authd.

There is no solution for VS-DR at the moment. The auth client on
the real-server initiates the connection from the VIP. There is
no way for a packet from VIP:high port to get a reply through the LVS.

1. the incoming packet from the client on the internet is destined for a non-LVS'ed high port
2. the incoming packet is not a connect request.
3. the incoming packet is not associated with an established connection.

The reply from the LVS client will be dropped.

Attempt at solution:

If the request could come from the RIP on the real-server instead
of the VIP, then the request could be nat'ed out.

Is there any way to make a connect request from VIP:high_port
on the real-server come from RIP:high_port, and for the replies
to RIP:high_port to be changed to VIP:high_port?

Joe
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA