Re: LVS Directory behind two firewalls

To:	lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject:	Re: LVS Directory behind two firewalls
From:	Jason Stubbs <jstubbs@xxxxxxxxxxxxx>
Date:	Mon, 6 Sep 2004 10:04:02 +0900

The director will receive requests by way of two firewalls. The firewalls only 
NAT the source address on the way in. I'm concerned whether packets on the 
way out will be sent by the director based on destination address (all to 
default gateway) or based on where the connection originated from.

On Friday 03 September 2004 21:21, Ryan Leathers wrote:
> your director keeps state and your firewall keeps state - unless I
> misunderstood your question somehow you have no problem
>
> -----Original Message-----
> From: Jason Stubbs [mailto:jstubbs@xxxxxxxxxxxxx]
> Sent: Friday, September 03, 2004 1:13 AM
> To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Subject: LVS Directory behind two firewalls
>
>
> Hi,
>
> I've just started with LVS but everything is running smoothly so far. I
> have 9
> servers split between two firewalls. Each firewall is responsible for 5
> public IPs in two different subnets. There's a total of 6 different host
> names and, up until now, load balancing was done using DNS round robin for
> some of the hosts.
>
> My goal is to have all services run on all servers and load balance across
> the
> lot. However, I realized that the two firewalls will cause me problems due
> to
> routing back. I've looked at the information in the HOWTO(1) and read the
> information I think it points to(2) but still don't understand how it works
> on the whole.
>
> So, to state the question simply: How do I ensure that traffic takes the
> same
> outward path as its inward path?
>
> Regards,
> Jason Stubbs
>
> 1.http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.ipvsadm.html#Henri
>k
> 2.http://article.gmane.org/gmane.comp.security.firewalls.netfilter.devel/37
>0 8/
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users

<Prev in Thread]	Current Thread	[Next in Thread>
LVS Directory behind two firewalls, Jason Stubbs Re: LVS Directory behind two firewalls, Joseph Mack Re: LVS Directory behind two firewalls, Jason Stubbs RE: LVS Directory behind two firewalls, Ryan Leathers Re: LVS Directory behind two firewalls, Jason Stubbs <= RE: LVS Directory behind two firewalls, Ryan Leathers

Previous by Date:	RE: LVS Directory behind two firewalls, Ryan Leathers
Next by Date:	install LVS on RH 9, remy
Previous by Thread:	RE: LVS Directory behind two firewalls, Ryan Leathers
Next by Thread:	RE: LVS Directory behind two firewalls, Ryan Leathers
Indexes:	[Date] [Thread] [Top] [All Lists]