Re: Direct Routing from behind a firewall?

To: Ricardo Kleemann <ricardo@xxxxxxxxxxx>
Subject: Re: Direct Routing from behind a firewall?
Cc: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: Julian Anastasov <ja@xxxxxx>
Date: Thu, 26 Jul 2001 22:23:20 +0000 (GMT)

On Thu, 26 Jul 2001, Ricardo Kleemann wrote:

> Hi,
> Is it possible to do DR from behind a firewall? I mean the idea of DR is
> that the real server maintains a direct connection... but if the real
> server "really" has a private IP behind a firewall, does that create an
> issue with DR?

        Only the NAT mode makes sense for two networks: internal and
external. For DR the client and the real server can be in the same or
in different subnets. It is possible with some magic route commands
to build a NAT setup where the clients, the LVS box and the real servers
are in the same subnet. RTFM: NAT section.

> I'm a little confused about that, but I would like to use DR

        No problem. The DR and TUN requirement is that the LVS can't
be a gateway for the route from the real server to the client. But
this rule is not mandatory, there are kernel patches that allow such

> Thanks
> Ricardo


Julian Anastasov <ja@xxxxxx>
