On Thu, Jul 03, 2003 at 01:39:46AM -0000, Mohd Irwan Bin Jamaluddin wrote:
> Good day.
>
> I'm using LVS-NAT system. Here is the scenario:
> VIP: 10.0.12.21
> DIP: 10.0.12.22
> RIP: 10.0.12.23, 10.0.12.24, 10.0.12.25
> CIP: 10.0.x.x
>
> Ok, the Clients can get the direct access to the Realservers without going
> through the Director in this system. How can i block the the Clients from
> getting through Realservers directly. IOW, I want all the Clients go through
> into the Director first.
Don't use LVS-NAT if your end-users are on the same network as the
real servers. Use LVS-DR instead. Then, if you want to be pedantic,
block direct connections from the end-users to the real servers
using iptables.
--
Horms
|