
conflicting statements in LVS-HOWTO

To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: conflicting statements in LVS-HOWTO
From: "James Treleaven" <jametrel@xxxxxxxxxxxx>
Date: Thu, 28 Feb 2002 17:10:16 -0500

I am confused by the LVS-HOWTO v1.12, Dec 2001.  Should I be able to ping
client machines from my realserver, when using LVS-NAT? The HOWTO seems to
say conflicting things about this.

Am I correct in assuming that 'Julian's step-by-step check' below is for a
'test' setup, where the realservers are on the same network as the director
and the clients? Am I further correct in assuming that once a realserver has
answered a request from a client, that client may then be pinged from the
realserver because that client's IP address will exist in the NAT table on
the director?  How can one view that NAT table?



The two sections of the HOWTO that seem to conflict with each other are:

[12.3 All packets from the realserver to the outside world must go through
the director]
...
'In production you should _not_ be able to ping from the realservers to the
client. The realservers should not know about any other network than their
own (here 10.1.1.0). The connection from the realservers to the client is
through ipchains (for 2.2.x kernels) and LVS-NAT tables setup by the
director.'

[12.9 Julian's step-by-step check of a L4 LVS-NAT setup]
Question 1 is: 'Can the real server ping client?'
'Yes' is good and 'No' is bad.

cheers,
James


