Success. I've managed to get an lvs-nat setup working. I want to thank the
people who helped. One thing I didn't realize initially and that didn't
seem clear to me in the HOWTOs regarding a one-NIC-two-network setup was
that I must have the 2 subnets plugged into the same switch. I guess that's
an obvious thing but I didn't think about it.

I wanted to not use the director as the gateway for the realservers but am
wondering if there are constraints based on the fact that the realservers I
am using are running Windows 2000 and therefore in a lvs-dr setup the VIP
would be assigned to the lo0 device. Is it correct that for direct-routing
from the realservers to the client that the default gateway for the
realservers should be the gateway on the external subnet (i.e. the gateway
on the network of the VIP)?

I am also running iptables on the directors to filter out unwanted traffic
and to redirect certain incoming traffic to specific hosts and it's working
great.

Thanks again for the assistance.

On Tue, Jun 18, 2002 at 06:28:00AM -0400, Joseph Mack wrote:
> djo@xxxxxxxxxxxxxxxxxxxxxx wrote:
>
> > But the basic question I have is unanswered even in the lvs-nat section
> > of the HOWTO: how is outside traffic supposed to get to a VIP configured
> > with a live network address if the actual ethernet interface is configured
> > for a private subnet? Or do I need 2 NICs? But the HOWTO only mentions one
> > NIC and one VIP...
>
> A NIC can have many addresses (up to 256 I believe) on it from different and
> unrelated networks. The main reason to use multiple NICs is that packets are
> separated into different physical networks. This makes writing filter rules
> easier and allows more throughput than one card can handle.
>
> The VIP is contacted by the client. If the client is on the internet, then
> the VIP must be a public IP. The RIPs are usually private IPs for both LVS-DR
> and LVS-NAT. One NIC on the director can have both the public VIP and the
> private DIP.
>
> Joe
>
> --
> Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
> contractor to the National Environmental Supercomputer Center,
> mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA