Re: LVS-DR default gw on director

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: LVS-DR default gw on director
From: Joseph Mack <mack.joseph@xxxxxxx>
Date: Wed, 29 Aug 2001 16:24:50 -0400

"Ryan D. Hatch" wrote:
> 
> I have three IPs for my director (two VIPs used for SSL Virtual
> Hosting, and one for management). When on the director however, I am
> unable to ping any outside hosts right after I run my rc config file. If
> I do the following command:
> 
> route add default gw 206.228.158.1  ;(my router's IP)
> 
> I am then able to access my management IP remotely, and I am able to
> ping out from the director.
> 
> Is there any reason that this is not a good idea? Does this pose any
> security risks? How can I make it run that route command in the rc file?

This is discussed in the HOWTO:

http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO-13.html#ss13.8

You pick whether you think this is a good idea or not.

There is no reason (except in pathological cases of machines going down)
for the VIP on the director to be sending packets to the outside world.
If you want to send packets to 0/0 from the director, use iproute2 
or a different NIC to send the packets out. You don't want anyone attacking
the VIP to get any packets back except the ones you decide to send them.

Joe

-- 
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center, 
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
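
The iproute2 option mentioned in the reply above, as an added example that is not part of the original message or the HOWTO: a default route placed in a separate table that is consulted only for packets sourced from the management address, plus a check that the main table carries no default route. The management IP `192.0.2.10`, the interface `eth0`, table `100` and the function names are assumptions; only the router address comes from the thread.

```shell
#!/bin/sh
# Added example: give only the management address a default route.
# Assumed values: 192.0.2.10 (placeholder management IP), eth0, table 100.

# Succeeds only for a dotted quad with every octet in 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) { if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 } }'
}

# Print the iproute2 commands that put the default route in a separate
# table consulted only for packets sourced from the management IP.
# Packets sourced from a VIP never match the rule, and the main table is
# left without a default route, so they have no path off the local net.
mgmt_route_cmds() {
    mgmt_ip=$1 gw=$2 dev=$3 table=${4:-100}
    if ! is_ipv4 "$mgmt_ip" || ! is_ipv4 "$gw" || [ -z "$dev" ]; then
        echo "usage: mgmt_route_cmds MGMT_IP GATEWAY DEV [TABLE]" >&2
        return 1
    fi
    cat <<EOF
ip route add default via $gw dev $dev table $table
ip rule add from $mgmt_ip/32 lookup $table priority 1000
EOF
}

# Reads `ip route show table main` output on stdin and fails if a default
# route is present, since that route would also carry VIP-sourced packets.
main_has_no_default() {
    ! grep -Eq '^(default|0\.0\.0\.0/0)([[:space:]]|$)'
}

# Dry run: review the output, then run the printed commands from the rc
# file. Outbound tests must set the source: ping -I 192.0.2.10 <host>
mgmt_route_cmds 192.0.2.10 206.228.158.1 eth0
```

With this layout, replies to remote management sessions leave through the router, while a plain `ping` from the director with no source address bound reports the network as unreachable.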

