
Cascaded with Foundry

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Cascaded with Foundry
From: robert.gehr@xxxxxxxxxx
Date: Wed, 19 Sep 2001 09:18:16 +0200

Hello there

Let me describe my problem (setup).

I am running a LVS Setup here with two Real Servers (Web Servers). The
requests for those Web Servers come in over a Foundry box that is located
at a different place. The DNS for the Web Server resolves to the Foundry
IP.
The Foundry is set up like a proxy, so everything arriving at our
director has the same source IP. Because we are using sessions on our
WebServers (cookies) a persistent value is set and therefore all requests
land on the same Real Server.

The folks responsible for the Foundry told me that they could configure it
in a way that they hand down the IP from the Client to me but this would
cause a Problem if the client sits behind a firewall doing stateful
inspection.

The scenario is as follows.

Client A at 123.123.123.123 opens up an HTTP connection to our Web Server
and gets via DNS the IP of the Foundry box, which is at e.g. 233.233.233.233,
so the firewall at the client side remembers that connection. If I answer
back directly from my Real Server, which is let's say at 244.244.244.244, to
the client, the firewall on the client side discards the packet because it
expects it to come from 233.233.233.233.

What can be done? The Foundry box cannot be thrown out.

Would it be a solution for me to mangle the outgoing IP address from the
Real Servers to become the IP address of the Foundry box?

Thanks for helping


Best regards
Robert Gehr

"A ship in a harbour is safe, but that's not what ships are built for"

========================================
web2CAD AG
Emailfabrikstrs. 12
92224 Amberg / Germany
visit: http://www.web2cad.com
