On Wed, 29 Aug 2001, Zachariah Mully wrote:
> If I understand you correctly you have a route between the DMZ and your
> private internal network and the box with the LVS-NAT is routing both
> requests from the Internet (traffic that should be load balanced) and
> from the internal network (traffic that shouldn't be LB'ed).
Yes, that's true...
> You need to read up on either your firewall rules or setup an internal DNS
> server to fix your problem as the problem isn't with the LVS, but with how
> you are NAT/Masq/Portfw'ing your external ips to the LB'ed RS'es.
I don't think so.... I don't need internal DNS.... I only need to get to
these machines by giving an IP address, nothing more...
I'm using iptables right now... and I'm FORWARDing traffic between
10.10.0.0/24 and 10.10.1.0/24, not Masquerading it or SNATing.... just
ACCEPTing....
But all traffic that should be directed to the internet is
SNATed.... using the POSTROUTING chain....
> Since you don't mention what you're running (ipchains/iptables), I
> can't help you any further than to say this is a lot easier to do if
> you're running iptables on the director/router. With ipchains there
> isn't any way that I know of to do what you want.
So you know now that I'm using iptables.... so can you tell
me what to do in this situation?
I want to achieve:
- a route between 10.10.0.0/24 and 10.10.1.0/24 with
all ports available (even those that are mapped on the LVS to load balance the
resources)
- other traffic coming from the internet to my LVS-NAT box can reach
my hidden resources in 10.10.1.0/24 on ports that I will configure...
- if it is possible, I would also like to be able to connect from
10.10.0.0/24 to the LVS-NAT resources when I try to connect to them using
the public IP addresses (like normal clients from the internet do)...
(probably I will still have this ability, but I'm not 100% sure about
that)
My diagram doesn't show that I have a default gateway in 10.10.0.0/24 when I'm
trying to reach external IP addresses...
Thank you for any help in solving my problem...
Pawel Kisiel