Re,
>Thanks for the fast advice, but I'm not sure you understood correctly
>what I wanted. I just simply want a port-fw on vip:port1 to
>webserver_1:22 and vip:port2 to webserver_2:22, because it's not very
>fine to guess what server can be reached.
The subject was port forwarding OR direct access :) I prefer direct access
because remote visibility of your realserver pool is managed by a firewall
(or with special chains directly on your LVS director) ((admin streams
are LVS independent))
Anyway, you can use LVS to handle your problem using a different IP port number
for each realserver. So you create something like:
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port      Forward Weight ActiveConn InActConn
TCP  192.168.100.10:2222 rr persistent 50
  -> 192.168.200.1:22        Masq    1      0          0
TCP  192.168.100.10:2223 rr persistent 50
  -> 192.168.200.2:22        Masq    1      0          0
=> a VS with only one RS each, where 192.168.200.1 & 2 are your RS pool. VIP =
192.168.100.10
I recommend starting sshd in standalone mode. I just tried this setup on
my devel env using SSH 3.0.1 coming from ssh.com.
regards,
Alexandre
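
The table above, as an added example that is not part of the original message: a script that generates the ipvsadm commands for one virtual service per realserver, each on its own VIP port. The helper name gen_ssh_forward_rules and the APPLY switch are assumptions made for illustration; the addresses, ports, scheduler and persistence timeout are the ones shown in the table.

```shell
#!/bin/sh
# Added example: one LVS virtual service per realserver, so each admin SSH
# port on the VIP maps to exactly one known host (values from the table above).
VIP=192.168.100.10    # virtual IP on the director
BASE_PORT=2222        # VIP port for the first realserver; next ones increment
PERSIST=50            # persistence timeout shown in the table

# gen_ssh_forward_rules RS_IP...   (hypothetical helper)
# Prints the ipvsadm commands without executing them, so the rule set can
# be reviewed before it is loaded on the director.
gen_ssh_forward_rules() {
    port=$BASE_PORT
    for rs in "$@"; do
        # Accept only digits and dots so nothing else reaches a command line.
        case "$rs" in
            *[!0-9.]*|"") echo "invalid realserver address: $rs" >&2; return 1 ;;
        esac
        # -A: add virtual service, -s rr: round robin, -p: persistence
        echo "ipvsadm -A -t $VIP:$port -s rr -p $PERSIST"
        # -a: add realserver, -m: masquerading (NAT), -w: weight
        echo "ipvsadm -a -t $VIP:$port -r $rs:22 -m -w 1"
        port=$((port + 1))
    done
}

# Dry run by default; APPLY=1 (as root on the director) loads the rules.
rules=$(gen_ssh_forward_rules 192.168.200.1 192.168.200.2) || exit 1
if [ "${APPLY:-0}" = 1 ]; then
    echo "$rules" | sh -e
else
    echo "$rules"
fi
```

After loading, the output of `ipvsadm -L -n` should match the table in the message.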