> If that is the case, how can that one interface both listen to incoming
> requests on the public IP's subnet, let's say for the sake of example
> 66.111.111.111, and then send packets to a real server on the
> internal subnet, for example 192.168.1.10? Seems to me you can't do that
> without 2 NICs.
Once again the example you are talking about is LVS-NAT, _NOT_ LVS-DR as you
reference. LVS-DR involves no NAT/masq/address translation and generally is
set up on a public IP range for convenience or simplicity.
You're trying to make this too complex. It looks like you are very much
confusing LVS terms and jumbling your firewall setup in the middle for kicks
:P. Get out notepad or visio and write down your setup, it will help. Then
I would proceed as follows...
1.) set up the LVS box for LVS-NAT using the configure script from Joseph Mack. Make
sure you give the LVS box a public IP and a private IP.
2.) firewall requests going to the public IP to the LVS box if you want;
just make sure desired traffic actually gets there. I would recommend
starting with low or no security and after you get it working strengthen
your setup.
3.) drink a beer to celebrate :P
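As an added illustration of the LVS-NAT layout described in step 1 (example script written for this thread, not Joseph Mack's configure script and not from the original post): the director has one public IP and one private IP, and the ipvsadm rules use `-m` (masquerading), which is what makes it NAT rather than DR. The addresses 66.111.111.111 and 192.168.1.10 come from the quoted message; the director's private IP 192.168.1.1, port 80, the wlc scheduler and the second real server 192.168.1.11 are assumed.

```shell
#!/bin/sh
# Added example: LVS-NAT director with a public VIP and a private DIP.
# VIP and 192.168.1.10 are from the thread; DIP, port, scheduler and
# the second real server are assumed values.
VIP=66.111.111.111          # public IP that clients connect to
DIP=192.168.1.1             # director's private IP (assumed)
PORT=80
REAL_SERVERS="192.168.1.10 192.168.1.11"   # second real server assumed

# Print the ipvsadm commands for one LVS-NAT service.
# -m selects masquerading (NAT) forwarding; LVS-DR would use -g instead.
lvs_nat_rules() {
    vip=$1; port=$2; shift 2
    echo "ipvsadm -A -t ${vip}:${port} -s wlc"
    for rip in "$@"; do
        echo "ipvsadm -a -t ${vip}:${port} -r ${rip}:${port} -m"
    done
}

# Under LVS-NAT every reply must travel back through the director, so a
# real server's default route has to point at DIP, not at some other
# router on the internal subnet. Takes one "ip route" style line and the
# director's private IP; returns 0 when the route goes via the director.
check_rs_gateway() {
    route_line=$1; dip=$2
    case "$route_line" in
        "default via ${dip} "*|"default via ${dip}") return 0 ;;
        *) return 1 ;;
    esac
}

# Apply on the director only: enable forwarding, flush the table, load rules.
apply_rules() {
    sysctl -w net.ipv4.ip_forward=1
    ipvsadm -C
    lvs_nat_rules "$VIP" "$PORT" $REAL_SERVERS | sh
}

if [ "$1" = "apply" ]; then
    apply_rules
else
    lvs_nat_rules "$VIP" "$PORT" $REAL_SERVERS   # dry run: show the rules
fi
```

Run without arguments to review the generated rules; run with `apply` as root on the director to load them.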