Re: Minimum Security For LVS box ?

To:	lvs-users@xxxxxxxxxxxxxxxxxxxxxx, malcolm.turnbull@xxxxxxxxxxxx
Subject:	Re: Minimum Security For LVS box ?
From:	Joseph Mack <mack.joseph@xxxxxxx>
Date:	Wed, 02 Oct 2002 07:12:51 -0400

Malcolm Turnbull wrote:
> 
> OK, I guess I was just being lazy :-).
> which never gives good results.

Other points to consider is how much damage a person can do who gets
root on one of your machines. With LVS-DR, all packets from the
attacker will come from the RIP whereas the packets from the LVS will
come from the VIP. You can set your routing so that packets from the RIP
don't go outside the RIP network. Also don't have a default route on the 
director. 

http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO-13.html#ss13.6

Joe

-- 
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center, 
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA

<Prev in Thread]	Current Thread	[Next in Thread>
Minimum Security For LVS box ?, Malcolm Turnbull Re: Minimum Security For LVS box ?, Joseph Mack RE: Minimum Security For LVS box ?, Peter Mueller Re: Minimum Security For LVS box ?, Malcolm Turnbull Re: Minimum Security For LVS box ?, Joseph Mack <= Re: Minimum Security For LVS box ?, Roberto Nibali

Previous by Date:	Re: iptables and lvs_nat, Roberto Nibali
Next by Date:	Re: iptables and lvs_nat, Joseph Mack
Previous by Thread:	Re: Minimum Security For LVS box ?, Malcolm Turnbull
Next by Thread:	Re: Minimum Security For LVS box ?, Roberto Nibali
Indexes:	[Date] [Thread] [Top] [All Lists]