|
Hello,
I have things working well on my test cluster using
LVS-DR and HTTP (haven't got 'ldirectord' setup yet,
though). I did read the HTTPS section in the HOWTo,
but it left me with a couple of questions.
>From the HOWTO:
> (the DNS name of the LVS cluster which is
> associated with the VIP).
Okay, so let's say I put the SSL host on the IP
address '10.10.10.35' (we'll pretend it's a routable
IP, as opposed to a private IP). So I setup the LVS
to listen on that IP. Okay, not a problem.
> The https on the realserver then must be setup as
> if it had the name of the LVS cluster. To do this,
> activate the VIP on a device on the realserver
Okay, so now I go over to each of the Real Servers,
and add, say, a loopback adapter with the
'10.10.10.35' IP address, correct?
The above seems fairly straitghtforward; my question
comes in as to how the 'ipvadm' command looks. For
example, to setup the forwarding for the regular HTTP
service, I have:
(Assume VIP=10.10.10.20 and RIP=10.10.10.25)
/sbin/ipvsadm -A -t 10.10.10.20:80 -r 10.10.10.25 -g
-w 1
But for HTTPS, if the SSL_VIP=10.10.10.35 and the
RIP=10.10.10.25, would I put the following:
/sbin/ipvsadm -A -t 10.10.10.35:443 -r 10.10.10.25 -g
-w 1
(I did try the above, btw, but I get a "service not
defined" error, even though it is in my
'/etc/services' file).
Now, for FTP, I understand that for "active" FTP I
only need to forward port 21, but I assume if I wanted
to allow passice FTP, I would need to forward both 21
and 20, correct?
Any ideas?
TIA,
Alan
______________________________________________________________________
Post your free ad now! http://personals.yahoo.ca
|
