Re: Direct Routing from behind a firewall?

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: Direct Routing from behind a firewall?
From: Joseph Mack <mack@xxxxxxxxxxx>
Date: Fri, 27 Jul 2001 10:18:01 -0400 (EDT)
On Thu, 26 Jul 2001, Ricardo Kleemann wrote:

> Hi,
> Is it possible to do DR from behind a firewall? I mean the idea of DR is
> that the real server maintains a direct connection... but if the real
> server "really" has a private IP behind a firewall, does that create an
> issue with DR ?

The RIP on the real-server is used  only for communication with the
director so it can be a private IP. The VIP on the real-server is the
src_addr for packets from the real-server to the client. The firewall must
be able to pass those packets. There are no packets from the client to the
real-server so there should be no route to the real-server from the
router. This is all in the HOWTO.


Joseph Mack mack@xxxxxxxxxxx

<Prev in Thread] Current Thread [Next in Thread>