Hello,
On Wed, 22 Aug 2001, Joseph Mack wrote:
> On Wed, 22 Aug 2001, Julian Anastasov wrote:
>
> > IIRC, the question is about the default route in the director.
>
> oh sorry. Just trying to catch up with the mailing list and I didn't read
> closely enough.
>
> > I remember that for some setups it is possible the director to work
> > without default route but I don't know how this is used in the configure
> > script. Is this option mandatory for DR?
>
> For DR there are no packets (that I know of) that the director has to send
> to 0/0 from VIP for normal operation, so I don't have any route to the
> outside world from the VIP on the director. Presumably there are
> pathological problems (eg need for ICMP packets when networks are in
> trouble), that need to be handled. I can put these back in - do you have a
> list of the packets I need to handle?
Hm, no. You mean to add default route and to use ipchains rules?
You'll need input and may be output firewall rules? If such director
already receives packets without default route then there is no rp_filter
set, then there is a frontend firewall before the director? I have to
download the script and not to ask each time :)
> Joe
>
> --
> Joseph Mack mack@xxxxxxxxxxx
Regards
--
Julian Anastasov <ja@xxxxxx>
|