Justin Georgeson wrote:
>
> I'm not sure I stated my problem correctly, the first link was about NFS
> and file locking,
look again (below)
> Let's say we have clientA coming in from the internet, and clientB
> coming from the LAN. Between the two I have a box with ipvs NAT rules.
> On the LAN I have serverA. On the NAT box, I have virtual eth interfaces
> defined, one is for serverA.
if you're talking about an LVS I don't know what this means. In an LVS-NAT the
VIP is forwarded to the RIPs one of which could be on serverA,
if this is what you mean.
> So I forward/NAT ports on that IP to the
> relevant port on the lan IP of serverA. There is a DNS name resolvable
> to the internet IP of serverA,
but serverA is not on the internet.
> and a hostname internal to the LAN, using
> /etc/hosts, that resolves to the LAN IP of server A. From clientA, I can
> ssh to the public DNS name or its IP address.
do you mean you can ssh to the VIP?
> From clientB, I can ssh to
> the internal LAN name or its IP address. I can't, from clientB, ssh to
> the public DNS name or its IP address.
just so you know, client B can't be a server
http://www.linuxvirtualserver.org/Joseph.Mack/mini-HOWTO/LVS-mini-HOWTO.html#gotchas
> Looking at the little diagram below, clientB can *only* ssh to
> 192.168.10.0/24, and not to an IP/FQDN bound on the public side of
> ipvs/NAT.
>
> clientA
> |
> Internet
> |
> ipvs/NAT
> |
> (192.168.10.0/24)
> |
> serverA,clientB
>
> Now, you might ask, so what? And I would agree. But, I have this
> JBoss/Tomcat server
running on serverA?
> that this poses a problem for. I need to give it the
> FQDN
of what?
> when I start it. If that name resolves to the public IP address
> (VIP?), it can't make connections between components. If that name
> resolves to the internal LAN IP (RIP?) address, then [external] clients
> can't connect to other components because the server gives them that
> internal IP address, for which there is no route. I put external in
> brackets there because there will never be a case of internal clients.
> The server and ipvs are in a rack in a hosting center, in another city.
I'm sorry, there are more "it"s and "that"s in here than I can handle.
If you need to try again, give diagrams with the call from the client and
what you want to have happen in each case, and why it doesn't work.
I take it you want to connect to a private IP or a public IP depending
on where you are calling from. In both cases you need to use the same name.
Can you have different entries in /etc/hosts on the two different clients?
original reply
> > A similar problem, of indexing, was solved by Ted Pavlic
^^^^^^^
> > http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO-9.html#ss9.22
Joe
--
Joseph Mack PhD, Senior Systems Engineer, SAIC contractor
to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA