Andy Harding wrote:
>
> My setup is LVS-NAT.
>
> There is a VIP on either side of the box, one on eth0 and one on eth1, so
> that I can have another director standing by for fail over and it can take
> the IPs. The .50 IPs are fixed for me to ssh into the director.

Hmm, the VIP(s) should all face the outside world. There shouldn't be one
on the inside ethernet device.

> I read I didn't need to setup masquerading for 2.4 but try as I might I
> couldn't ping 192.168.1.100 from the real server until I added some
> IPTABLES rules.

The realservers are isolated from the outside world by design as a security
measure. There should be no two-way direct connection between client(s) and
realservers.
You're breaking the security, which you can do if you wish,
but just be aware that you've done it and why you've done it.

Joe
--
Joseph Mack PhD, High Performance Computing & Scientific Visualization
SAIC, Supporting the EPA Research Triangle Park, NC 919-541-0007
Federal Contact - John B. Smith 919-541-1087 - smith.johnb@xxxxxxx