Sorry for the format, I'm using exchange web mail. (at least it isn't HTML
.. I think...gulp)
You will need only one NIC, two preferably if you are running
LVS-NAT/masquarading. The LVS code takes care of distributing it and
translating if you are doing LVS-NAT. If you are using LVS-DR then you
should use public IPs.
If this comment doesn't explain the setup then please reply with a network
diagram / traffic flow of what you are thinking about.
Peter
-----Original Message-----
From: djo@xxxxxxxxxxxxxxxxxxxxxx
To: 'lvs-users@xxxxxxxxxxxxxxxxxxxxxx'
Sent: 6/17/2002 3:31 PM
Subject: Re: Question about LVS-DR setup
On Mon, Jun 17, 2002 at 02:10:48PM -0700, Peter Mueller wrote:
> > If that is the case, how can that one interface both listen
> > to incoming
> > requests on the public IP's subnet, let's say for the sake of
example
> > 66.111.111.111, and then send packets to a real server on the
> > internal subnet,
> > for example 192.168.1.10? Seems to me you can't do that
> > without 2 NICs.
>
> Once again the example you are talking about is LVS-NAT, _NOT_ LVS-DR
as you
> reference. LVS-DR involves no NAT/masq/address translation and
generally is
> setup on a public IP range for convenience or simplicity.
>
> You're trying to make this too complex. It looks like you are very
much
> confusing LVS terms and jumbling your firewall setup in the middle for
kicks
> :P. Get out notepad or visio and write down your setup, it will help.
Then
> I would proceed as follows...
>
> 1.) setup LVS box for LVS-NAT using configure script from Joseph Mack.
Make
> sure you give the LVS box a public IP and a private ip.
But the basic question I have is unanswered even in the the lvs-nat
section
of the HOWTO: how is outside traffic supposed to get to a VIP configured
with a live network address if the actual ethernet interface is
configured
for a private subnet? Or do I need 2 NICs? But the HOWTO only mentions
one
NIC and one VIP...
> 2.) firewall requests going to the public IP to the LVS box if you
want;
> just make sure desired traffic actually gets there. I would recommend
> starting with low or no security and after you get it working
strengthen
> your setup.
> 3.) drink a beer to celebrate :P
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
|