= > I have an lvs server that also needs to be an SSL proxy..
=
= I don't really understand what you're trying to do here
= (not knowing much about SSL proxies), but there's
= a few things I notice.
=
= > My first idea was to use 2 external ip addresses, have
= > one of them proxypass to the other external ip address.. And
= > have that other ip address be the ip address that LVS sits on.
=
= The machine will recognise the new dst_addr as being local and won't
= send the packet out again. The rules for the 2 IPs won't chain.
=
= > That doesn't seem to work because of my nat configuration, my internal
= > box can't talk to that external Ip address.
= >
= > My second idea was to have
= >
= > EXTERNAL_IP 1
= > Proxypass to an internal ip address :
= > 192.168.1.20 which would loadbalance to realservers
= > 192.168.2.54 and .55
= >
= > And have my realservers use 192.168.2.1 as a gateway.
= >
= > The problem is I don't have enough Nics..
=
= Use iproute2 tools (they aren't easy to use).
= With these tools all IPs are independent.
= The only thing you get from separate NICs is
= higher throughput and separation of packet traffic.
= Whether you have the IPs on separate or the same
= NICs, they'll still be local to the host.

So any pointers on where to start? Routing isn't my specialty..
I need to either be able to contact the outside natted ip, or have the
2 networks on one nic.. I'm still confused as to why I can't have eth1
be 192.168.1.0, eth1:0 be 192.168.1.20, have eth1:2 be 192.168.2.1 and
have machines using 192.168.2.1 be load balanced over 192.168.1.20 ..
--
---------------------------
Michael T. Halligan
Chief Geek
Halligan Infrastructure Designs.
2250 Jerrold Ave #11
San Francisco, CA 94124
(415) 824.4453