
RE: Problems with LVS-NAT and direct routing to network behindLVS.....

To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Problems with LVS-NAT and direct routing to network behindLVS.....
From: "Kim Le" <kiml@xxxxxxxxx>
Date: Wed, 29 Aug 2001 13:18:08 -0700
I think what you need to do is to create some alias IP addresses for your
LVS box.
LVS only listens on the addresses that need load balancing (Internet traffic).
Other traffic will go through the addresses that LVS is not listening on.

-----Original Message-----
From: lvs-users-admin@xxxxxxxxxxxxxxxxxxxxxx
[mailto:lvs-users-admin@xxxxxxxxxxxxxxxxxxxxxx]On Behalf Of Pawel Kisiel
Sent: Wednesday, August 29, 2001 12:49 PM
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: RE: Problems with LVS-NAT and direct routing to network
behindLVS.....




On Wed, 29 Aug 2001, Zachariah Mully wrote:

>       If I understand you correctly you have a route between the DMZ and your
> private internal network and the box with the LVS-NAT is routing both
> requests from the Internet (traffic that should be load balanced) and
> from the internal network (traffic that shouldn't be LB'ed).
Yes, that's true...

> You need to read up on either your firewall rules or set up an internal DNS
> server to fix your problem as the problem isn't with the LVS, but with how
> you are NAT/Masq/Portfw'ing your external ips to the LB'ed RS'es.
I don't think so.... I don't need internal dns....I only need to get to
these machines by giving an ip address, nothing more...
        I'm using iptables right now...and I'm FORWARDing traffic between
 10.10.0.0/24 and 10.10.1.0/24 not Masquerading it or SNATing....just
ACCEPTing....
        but all traffic that should be directed to the internet is
SNATing....using POSTROUTING table....

>       Since you don't mention what you're running (ipchains/iptables), I
> can't help you any further than to say this is a lot easier to do if
> you're running iptables on the director/router. With ipchains there
> isn't any way that I know of to do what you want.

        So You know now that I'm involved in iptables....so can You tell
me what to do in this situation?
        I want to achieve:
        -route between 10.10.0.0/24 and 10.10.1.0/24 with
all ports available (even these that are mapped on LVS to loadbalance the
resources)
        -other traffic coming from internet to my LVS-NAT box can reach
my hidden resources in 10.10.1.0/24 on ports that I will configure...
        -if it is possible also I would like to be able to connect from
10.10.0.0/24 to LVS-NAT resources when I will try to connect to them using
 public ip addresses (like normal clients from internet do)...
 (probably I will still have this ability but I'm not 100% sure about
that)
 My diagram doesn't show that I have default gateway in 10.10.0.0/24 when
I'm trying to reach external ip addresses...



        Thank You for any help in solving my problem...


Pawel Kisiel
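
Added example, not part of the original thread and not code from the LVS project: one way to set up the alias-address approach suggested in the reply, where LVS balances only the alias (VIP) and traffic between the two private networks is routed without NAT. The VIP 192.0.2.10, the real-server addresses, port 80 and the interface name eth0 are assumptions; only the two /24 networks come from the thread.

```shell
#!/bin/sh
# Added example: director where only the alias address (VIP) is load-balanced.
# Assumed, not from the thread: VIP, real servers, port, interface name.
VIP=192.0.2.10                    # constructed alias address served by LVS
PORT=80                           # assumed service port
RS_LIST="10.10.1.11 10.10.1.12"   # constructed real servers behind the director
EXT_IF=eth0                       # assumed Internet-facing interface
LAN=10.10.0.0/24                  # internal network (from the thread)
RSNET=10.10.1.0/24                # network behind the LVS box (from the thread)

# Print each command; execute it only when APPLY=1 (requires root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

director_rules() {
    # 1. Alias address: the only address that carries a virtual service.
    run ip addr add "$VIP/32" dev "$EXT_IF" label "$EXT_IF:0"

    # 2. Virtual service on VIP:PORT; real servers attached in NAT mode (-m).
    run ipvsadm -A -t "$VIP:$PORT" -s rr
    for rs in $RS_LIST; do
        run ipvsadm -a -t "$VIP:$PORT" -r "$rs:$PORT" -m
    done

    # 3. Plain routing between the private networks: ACCEPT, no NAT,
    #    so every port on the real servers is reachable by its real address.
    run iptables -A FORWARD -s "$LAN" -d "$RSNET" -j ACCEPT
    run iptables -A FORWARD -s "$RSNET" -d "$LAN" -j ACCEPT

    # 4. SNAT only traffic from the internal network that leaves via EXT_IF.
    run iptables -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN" \
        -j SNAT --to-source "$VIP"
}

director_rules   # dry run by default: lists the commands without applying them
```

Run it as-is to review the generated commands; set `APPLY=1` as root to apply them.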



