Dr. Mack,
You missed the second part of my email :-)
<this was the cliffhanger question>
While I can move the ip command and reconfigure, is this the best option?
I like the direct routing rules being used, and if I can modify them some
to keep the routing the same except for firewall/vpn traffic, I would be
happy.
It looks like the 3-tier setup is indeed what I need to implement. I have
read through the link you sent and I am trying to understand everything
that is happening here. (I'm a java programmer by trade, not a network
admin so this stuff is pretty new to me.)
You say in the howto: "Here's a standalone version of the code in the
configure script that marks the packets." Does that mean I need to modify
this script for my config and...
A) Replace the rc.lvs_dr configure script with the output
B) This script *is* the replacement for the rc.lvs_dr script
C) I'm all wrong and I need to be doing something else...
> does your DR LVS work
Yes, it works great. The problem is that I need to have a remote mon
server monitor my realservers for DNS failover through a VPN tunnel. I
have mon keeping track inside of the remote datacenter and fixing some
problems, but if the network or firewall tanks the remote mon server will
switch the ips in the alternate DNS for realtime failover to another
datacenter. I can't monitor anything on the realservers through the VPN
tunnel remotely unless I can reach the realservers via VPN/NAT from the
firewall. Also, it would be nice to be able to use CPAN from the
realservers when I am doing updates, I like to use Webmin for some of the
common remote configuration, and to top it all off it's just a real pain to
have to ssh into the director and then ssh into the realservers instead of
being able to ssh directly to the realservers. I'm not really concerned
about the security issue since all the servers are behind a secure firewall
which is also monitoring network traffic for abuse.
Matt Gregory
Web Developer
CTI, Inc.
cell: 678-458-6513
ioem: matt.gregory@xxxxxxxxx *see key block below
ooem: matthew.gregory@xxxxxxxxxxxx
Joseph Mack <mack.joseph@xxxxxxx>
Sent by: lvs-users-admin@LinuxVirtualServer.org
09/12/2002 09:42 AM
Please respond to lvs-users
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
cc:
Subject: Re: Again this comes up... :-)
Matt.Gregory@xxxxxxxxx wrote:
>
> Ok, so why am I not able to route directly to my realservers
> (10.80.1.21/22) from my NAT gateway/firewall?
you're not supposed to be able to do this with lvs-dr
> I checked, and after the configuration script is run the realservers do not
> have a default gateway in their route.
they're not supposed to have one
> I can't ping outside services from
> the realservers (google.com for example),
correct
the RIPs are not supposed to connect to the outside world.
It's a feature. If you want to do this see the section
on 3-Tier LVS's
http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO-10.html
does your DR LVS work?
Joe
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users