
Re: LVS-NAT: Block Clients From Direct Access To Realservers

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: LVS-NAT: Block Clients From Direct Access To Realservers
From: Horms <horms@xxxxxxxxxxxx>
Date: Thu, 3 Jul 2003 10:51:28 +0900
On Thu, Jul 03, 2003 at 01:39:46AM -0000, Mohd Irwan Bin Jamaluddin wrote:
> Good day.
> 
> I'm using LVS-NAT system. Here is the scenario:
> VIP: 10.0.12.21
> DIP: 10.0.12.22
> RIP: 10.0.12.23, 10.0.12.24, 10.0.12.25
> CIP: 10.0.x.x
> 
> Ok, the Clients can get the direct access to the Realservers without going
> through the Director in this system. How can I block the Clients from
> getting through Realservers directly. IOW, I want all the Clients go through
> into the Director first.

Don't use LVS-NAT if your end-users are on the same network as the
real servers. Use LVS-DR instead. Then, if you want to be pedantic,
block direct connections from the end-users to the real servers
using iptables.

-- 
Horms
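
The iptables step suggested above, sketched for an LVS-DR realserver as an added example that is not part of Horms's message or of the LVS project. The addresses are the ones from the question; the service port (80) and the /16 expansion of "10.0.x.x" are assumptions. The script only prints the rules so they can be reviewed before being applied on each realserver.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules for one LVS-DR realserver.
# Addresses come from the post; SERVICE_PORT and the /16 mask are assumptions.
VIP=10.0.12.21
DIP=10.0.12.22
CLIENT_NET=10.0.0.0/16   # assumed expansion of "CIP: 10.0.x.x"
SERVICE_PORT=80          # assumed; the post does not name the service

# Emit the rules for the realserver whose address (RIP) is $1.
realserver_rules() {
    rip=$1
    # 1. Director health checks come from the DIP and are addressed to the RIP.
    echo "iptables -A INPUT -p tcp -s $DIP -d $rip --dport $SERVICE_PORT -j ACCEPT"
    # 2. LVS-DR forwards packets unchanged: client source, VIP destination.
    echo "iptables -A INPUT -p tcp -d $VIP --dport $SERVICE_PORT -j ACCEPT"
    # 3. Client traffic addressed to the RIP itself bypassed the director.
    echo "iptables -A INPUT -p tcp -s $CLIENT_NET -d $rip --dport $SERVICE_PORT -j DROP"
}

# Order matters: the DIP lies inside CLIENT_NET, so its ACCEPT must precede the DROP.
for rip in 10.0.12.23 10.0.12.24 10.0.12.25; do
    echo "# realserver $rip"
    realserver_rules "$rip"
done
```
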