|
--- Jacob Coby <jcoby@xxxxxxxxxxxxxxx> wrote:
> > So far, this has confused eveyrone I've mentioned
> it to, but here goes.
> > My director has two NICs, one exposed to the
> internet, and the other
> > exposed to a private LAN. The public interface has
> many addresses bound
I've not read your email fully, but off the bat, I've
seen a lot of requests for backdoor entry methods
using that 2nd NIC on a real host behind LVS. What I
think some people might not realize is LVS can
FAILOVER MULTIPLE IP ADDRESSES.
Thus, you can setup multiple LOAD BALANCED schemes,
such as load balance your SENDMAIL to several real
servers, but at the same time, using a different LVS
IP address on eth0:x create a FAKE LOAD BALANCE (what
I call it) to ONE REAL HOST such as for SSH support
direct to that one real host.
This knowledge might help some of you who are looking
for this back-door entry. Better to do it via LVS
public side, and let LVS manage the multiple or single
real host load balance scheme. But note, your LVS
PRIVATE NETWORK should NOT contain any other servers
or clients needing access via LVS public side - it
will not work. Your other servers and clients should
be at leat on the public LVS side, or another network.
Peter
%%%%%%%%%%%%%%%%%%%%%%%%
peterbaitz.com/lvs.html
%%%%%%%%%%%%%%%%%%%%%%%%
__________________________________________________
Do you Yahoo!?
Yahoo! Web Hosting - Let the expert host your site
http://webhosting.yahoo.com
|
