|
> -----Original Message-----
> From: Matthew S. Crocker [SMTP:matthew@xxxxxxxxxxx]
> Sent: Monday, June 04, 2001 8:31 AM
>
> On Mon, 4 Jun 2001, Joseph Mack wrote:
>
> > "normally" (which I guess hasn't been defined yet), the real-servers in
> a VS-DR
> > setup have private IPs for the RIPs and hence they can't receive replies
> > from calls made to external name servers.
> >
> > I would also assume that people would write filter rules to only
> > allow packets in and out of the real-servers that belong to the services
> > listed in the director's ipvsadm tables.
> >
> > I take it that your LVS'ed SMTP servers can access external DNS servers,
>
> > either by NAT through the director, or in the case of VS-DR by having
> > public IPs and making calls from those IPs to external nameservers
> > via the default gw of the real-servers?
>
> We currently have our real servers with public IP addresses.
>
You can also do this by NAT through a firewall or router. I am not doing
SMTP, but my entire LVS setup (VIPs and all) is private. I give the VIPs a
static conduit throught the firewall for external access. The realservers
can access the internet via NAT the same as any other computer on the
network.
Bowie
|
