On Sat, May 01, 2004 at 01:53:27PM -0700, Robert Hamilton wrote:
> Thanks Joe,
>
> I did come across those sections in the HOWTOs, working through stuff now.
>
> I can just use iptables rules like:
>
> iptables -t nat -A POSTROUTING -p tcp -s 172.16.10.0/24 --dport 80 -j MASQUERADE
>
> iptables -t nat -A POSTROUTING -p tcp -s 172.16.10.0/24 --dport 443 -j MASQUERADE
>
> where my private network for the web servers is 172.16.10.0/24
> Web servers are 172.16.10.30, 172.16.10.31
>
>
>           | VIP x.x.x.240
>           | RIP x.x.x.241
>        ---------
>        |  LB   |
>        ---------
>           | RIP 172.16.10.11
>           | VIP 172.16.10.10
>           |
>      ------------------------------------
>      |                         |
>      | RIP 172.16.10.30        | RIP 172.16.10.31
>   --------                 --------
>   | web1 |                 | web2 |
>   --------                 --------
>
> The web servers need to act as clients and open outbound connections on
> ports 80 and 443 to communicate with an outsourced billing system.
>
> Could I also use the destination IPs for the billing servers to trigger
> the MASQ firewall rules?
Sure, if you wanted to tighten the rules up a bit you
could make them only match for certain destination addresses.
> There is also a requirement to send smtp email from the web servers to
> an email address specified by the user.
>
> iptables -t nat -A POSTROUTING -p tcp -s 172.16.10.0/24 --dport 25 -j MASQUERADE
>
> Thanks for getting back with me so quickly. First time for lvs for me.
> Great stuff.
--
Horms
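The tightened rules Horms describes, written out as a script for the director in the diagram. This is an added example, not code from the thread or from the LVS project. It goes beyond the thread's nat rules in two ways: each MASQUERADE rule is paired with a FORWARD rule, because a nat rule on its own restricts nothing (unmatched traffic is still forwarded, just with its private source address), and the LVS-NAT reply path from the real servers' service ports is accepted explicitly so that the catch-all drop does not cut off the virtual service. The billing-server addresses (203.0.113.10 and .11, TEST-NET-3 placeholders) and the overall layout are assumptions:

```shell
#!/bin/sh
# Added example (not code from this thread): outbound NAT for the real servers
# behind an LVS-NAT director, restricted to specific destinations and ports.
# WEB_NET is the web-server network from the thread; BILLING_HOSTS are
# constructed placeholders (TEST-NET-3) standing in for the billing system.
#   sh outbound-nat.sh show    # print the rules instead of loading them
#   sh outbound-nat.sh apply   # load them with iptables (run as root)
IPTABLES=${IPTABLES:-iptables}
WEB_NET=172.16.10.0/24
BILLING_HOSTS="203.0.113.10 203.0.113.11"   # assumption: replace with the real addresses

# allow_out DST PORT...: for each TCP port, let the web servers open
# connections to DST (filter/FORWARD) and masquerade them (nat/POSTROUTING).
# A nat rule never filters anything: traffic it does not match is still
# forwarded, just with its private source address intact, so the FORWARD
# entry is the part that actually limits where the real servers may go.
allow_out() {
    dst=$1; shift
    for port in "$@"; do
        $IPTABLES -A FORWARD -p tcp -s "$WEB_NET" -d "$dst" --dport "$port" \
            -m state --state NEW -j ACCEPT
        $IPTABLES -t nat -A POSTROUTING -p tcp -s "$WEB_NET" -d "$dst" \
            --dport "$port" -j MASQUERADE
    done
}

# apply_policy: the whole outbound policy for the real-server network.
apply_policy() {
    # Packets belonging to connections conntrack already knows about.
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # LVS-NAT replies from the real servers' service ports travel back to the
    # clients through FORWARD; accept them before the catch-all drop below.
    # "! --syn" keeps this from also permitting new connections from 80/443.
    for sport in 80 443; do
        $IPTABLES -A FORWARD -p tcp -s "$WEB_NET" --sport "$sport" ! --syn -j ACCEPT
    done
    # Billing: only the billing hosts, only HTTP and HTTPS.
    for host in $BILLING_HOSTS; do
        allow_out "$host" 80 443
    done
    # SMTP goes to whatever address the user typed in, so it cannot be pinned
    # to a destination: port 25 to anywhere, as in the thread.
    allow_out 0.0.0.0/0 25
    # Anything else the web servers originate is logged (rate-limited) and dropped.
    $IPTABLES -A FORWARD -s "$WEB_NET" -m limit --limit 5/min -j LOG \
        --log-prefix "rs-outbound-denied: "
    $IPTABLES -A FORWARD -s "$WEB_NET" -j DROP
}

case "${1:-}" in
    show)  IPTABLES=echo apply_policy ;;
    apply) apply_policy ;;
esac
```

Two practical notes. MASQUERADE is intended for interfaces with dynamically assigned addresses and forgets its connection tracking state when the interface goes down; since the director here has a fixed outside RIP, `-j SNAT --to-source x.x.x.241` in the same POSTROUTING rules is the usual choice. And the explicit accept for the reply path assumes the LVS-NAT return packets pass through the FORWARD filter chain before IPVS rewrites their source address, which is why they are matched on the service port rather than on conntrack state; if a service on some other port is added to the virtual server, its port must be added to that loop too, or the drop rule will silently break it.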