Re: LVS-NAT: Block Clients From Direct Access To Realservers

To:	m.irwan.jamaluddin2k@xxxxxxxxxx, <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	Re: LVS-NAT: Block Clients From Direct Access To Realservers
From:	Joseph Mack <mack.joseph@xxxxxxx>
Date:	Tue, 08 Jul 2003 07:18:25 -0400

Mohd Irwan Bin Jamaluddin wrote:

> 
> Still, any clients from everywhere can access the realserver directly.

I didn't read your original posting properly. Sorry. One of the features
of the one-network LVS-NAT setup is that the clients can connect to the
realservers.

To stop this you'll have to put in filter rules somewhere. Sitting here,
I thought of 3 schemes for filtering at the realserver, that I quickly 
realised wouldn't work, so it's not simple.

I take it that you can't/don't want to setup with the RIPs on another
network (eg 192.168.x.x) that you don't allow the clients to route to?
You could still use one NIC on the director and have either LVS-DR or LVS-NAT.

Joe

-- 
Joseph Mack PhD, High Performance Computing & Scientific Visualization
SAIC, Supporting the EPA Research Triangle Park, NC 919-541-0007
Federal Contact - John B. Smith 919-541-1087 - smith.johnb@xxxxxxx

<Prev in Thread]	Current Thread	[Next in Thread>
LVS-NAT: Block Clients From Direct Access To Realservers, Mohd Irwan Bin Jamaluddin Re: LVS-NAT: Block Clients From Direct Access To Realservers, Horms Re: LVS-NAT: Block Clients From Direct Access To Realservers, Joseph Mack Re: LVS-NAT: Block Clients From Direct Access To Realservers, Mohd Irwan Bin Jamaluddin Re: LVS-NAT: Block Clients From Direct Access To Realservers, Joseph Mack <=

Previous by Date:	Re: connection delay/limit, Konrads . Smelkovs
Next by Date:	Re: connection delay/limit, Joseph Mack
Previous by Thread:	Re: LVS-NAT: Block Clients From Direct Access To Realservers, Mohd Irwan Bin Jamaluddin
Next by Thread:	connection delay/limit, Konrads . Smelkovs
Indexes:	[Date] [Thread] [Top] [All Lists]