I'm not sure I stated my problem correctly; the first link was about NFS
and file locking, the second was about getting Apache VirtualHosts.

Let's say we have clientA coming in from the internet, and clientB
coming from the LAN. Between the two I have a box with ipvs NAT rules.
On the LAN I have serverA. On the NAT box, I have virtual eth interfaces
defined, one is for serverA. So I forward/NAT ports on that IP to the
relevant port on the LAN IP of serverA. There is a DNS name resolvable
to the internet IP of serverA, and a hostname internal to the LAN, using
/etc/hosts, that resolves to the LAN IP of serverA. From clientA, I can
ssh to the public DNS name or its IP address. From clientB, I can ssh to
the internal LAN name or its IP address. I can't, from clientB, ssh to
the public DNS name or its IP address.

Looking at the little diagram below, clientB can *only* ssh to
192.168.10.0/24, and not to an IP/FQDN bound on the public side of
ipvs/NAT.

        clientA
           |
        Internet
           |
        ipvs/NAT
           |
    (192.168.10.0/24)
           |
    serverA, clientB

Now, you might ask, so what? And I would agree. But, I have this
JBoss/Tomcat server that this poses a problem for. I need to give it the
FQDN when I start it. If that name resolves to the public IP address
(VIP?), it can't make connections between components. If that name
resolves to the internal LAN IP (RIP?) address, then [external] clients
can't connect to other components because the server gives them that
internal IP address, for which there is no route. I put external in
brackets there because there will never be a case of internal clients.
The server and ipvs are in a rack in a hosting center, in another city.

In my case, clientB is a server component that serverA and clientA need
to be able to connect to. All components are bound to one IP, the LAN
IP, on different ports, and I NAT each port on the internet IP to the
LAN IP. serverA and clientB can only talk on 192.168.10.0/24, but need
to be able to talk via internet IP.

SSH was just an example protocol; I've had this problem with WebLogic,
and other things, but it's never been an issue until now.

Joseph Mack wrote:
> Justin Georgeson wrote:
> (minor editing by Joe)
>
>> I have a realserver, that I give a hostname.
>> The realserver resolves the hostname and gives clients the resolved IP.
>> So if I give it an internal hostname that resolves to an internal IP, clients can't
>> connect.
>
> A similar problem, of indexing, was solved by Ted Pavlic
> http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO-9.html#ss9.22
> you let each realserver's name resolve to the VIP.
> also have a look at
> http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO-9.html#ss9.18
> (you must already understand this or your setup wouldn't be working).
>
>> If I give it an external name that resolves to an external IP,
>> it's screwed up (forget exactly why).
>
> I don't know why either:-)
>
> Joe

--
Justin Georgeson
UnBound Technologies, Inc.
http://www.unboundtech.com
Main 713.329.9330
Fax 713.460.4051
Mobile 512.789.1962
5295 Hollister Road
Houston, TX 77040
Real Applications using Real Wireless Intelligence(tm)