On Thu, 26 Jul 2001, Ricardo Kleemann wrote:
>
> Hi,
>
> Is it possible to do DR from behind a firewall? I mean the idea of DR is
> that the real server maintains a direct connection... but if the real
> server "really" has a private IP behind a firewall, does that create an
> issue with DR ?
The RIP on the real-server is used only for communication with the
director so it can be a private IP. The VIP on the real-server is the
src_addr for packets from the real-server to the client. The firewall must
be able to pass those packets. There are no packets from the client to the
real-server so there should be no route to the real-server from the
router. This is all in the HOWTO.
Joe
--
Joseph Mack mack@xxxxxxxxxxx
|