Serhan Sevim wrote:
>
> The problem is that the real servers (2 Windows 2k boxes) can't get out to
> the internet using only non-arpable IPs. (Gateways on the real servers have
> been set to the director's IP.)

1. RIPs can arp with LVS-NAT. I don't know how you got LVS-NAT to work with
non-arping RIPs.

2. If the realservers need to connect with machines outside the LVS, then
for security you should only let out the packets for those services. See
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.3-Tier.html
for how to do it with LVS-DR.

You should only NAT out the services needed via the director, not all of them:
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-NAT.html#client_on_realserver

Joe
--
Joseph Mack PhD, High Performance Computing & Scientific Visualization
SAIC, Supporting the EPA Research Triangle Park, NC 919-541-0007
Federal Contact - John B. Smith 919-541-1087 - smith.johnb@xxxxxxx