First the hardware question: my company needs a firewall. Bad. I looked
into buying a PIX 50x, and into a SonicWALL 230, both will do what we need
easily. However, we also need, sometime, to get load balancing working. I
tried LVS-TUN a while ago, but ran into the MTU > 1500 problem that was
never fixed.
So now I'm looking into buying a 1U server (1.x p4 celeron, 256mb of ram)
to act as both a firewall and as the LVS Director as it will solve two
problems for about the same price as a dedicated firewall. The computer
will run a stripped version of Linux (probably redhat), and will do:
NAT
DHCP
PAT (not sure if this is the correct term, it's going from the public
address to the private address)
Typical firewalling with iptables (port blocking, routing, maybe reflexive
lists, stateful packet inspection).
VPN possibly in the future
LVS-DR or LVS-NAT, probably DR
Before I order the computer, does anyone see any problems with this
configuration in regards to having it work with LVS? Any problems in
general?
And for the LVS question: does LVS rely on ICMP echo packets at all? I had
to block ICMP ECHO REQ packets due to a DDOS attempt, and would like to keep
it blocked.
Thanks,
-Jacob