>
> Hello,
>
> > I'm trying to get LVS to work in a different configuration than I normally
> > do and I'm running into some problems. Here is the setup:
>
> What kind of problems?
The connection does not work.
>
> > Clients
> > |
> > Hit external address
> > ----------Firewall----------
> > NATS the external address to 172.27.82.4
>
> So you do a port translation for the VIP. All outgoing traffic from here will be
> having the srcIP of your firewall unless you use transparent proxying. This
> might yield severe load imbalance.
I see the client IP and not the firewall IP in my logs when I get hits
through the firewall so I'm guessing it's transparent.
>
> > Director - IP:172.27.82.3
> > - VIP:172.27.82.4
> >
> > ----------Firewall----------
>
> Is this firewall bridging two collision domains? ITIM: Do, loosely speaking,
> 172.27.0.0/?? and 172.20.0.0/?? express two different physical networks?
Yes
> If so,
> what kind of LVS forwarding method did you choose?
LVS-NAT
> ("Almost") Only LVS_TUN will work in a network topology like that. You could technically
> use LVS_NAT, however this would be a rather strange setup. If I may be so impolite
> as to mention your placing of the second firewall is rather found wanting.
The network guys wanted a DMZ
>
> > Real Server 1 - IP:172.20.6.12
> > Real Server 2 - IP:172.20.6.13
> >
> > I normally use LVS in a single network setup so this is new to me. Am I
> > going about this the wrong way? Is this even possible? All of the
> > documentation I've looked through doesn't seem to apply to my configuration.
>
> Check out the documentation on LVS_TUN, if you need to load balance across
> collision domains, within private addressable IP ranges.
>
> > CONFIDENTIALITY NOTICE: The information in this e-mail is privileged and
> > confidential. Any use, copying or dissemination of any portion of this
> > e-mail by or to anyone other than the intended recipient(s) is unauthorized.
> > If you have received this e-mail in error, please reply to sender and delete
> > it from your system immediately.
>
> This statement reminds me of a mixture of Moebius and M.C. Escher ... [1]
This is automatically appended to every email I send by our Exchange server.
>
> [1] http://www.mcescher.com/Gallery/recogn-bmp/LW408.jpg
>