Jeff Kilbride wrote:
> Hi Joe,
> Actually, no, I'm not very glad my director, and now it seems my
> realservers, can't connect to the outside world after running the setup
> script. While I understand the need for security, I have the ability to
> secure my machines without completely severing them from the internet.

Um, as I understand it the setup script is mainly for testing, as you
will logically need a health checking daemon in combination with LVS to
make it more useful than round robin DNS (i.e. use
ldirectord, keepalived or mon).

If you want your real servers to be accessible as normal without
infrastructure changes, either use DR or TUN mode that don't change your
topology, OR read the instructions about MASQ/NAT mode. By default LVS
only forwards packets on the VIP; if you want access to the internet or
access to the RIPs from the internet you will obviously need to put some
firewall rules in your new LVS/NAT/Firewall, which is what you've
effectively created.

As far as I'm aware this is what other commercial vendors
F5/Foundry/CISCO etc also do with their products, and also why most
people find them a bugger to test before setting up live (i.e. you must
have a test environment).
--
Regards,
Malcolm Turnbull.
Loadbalancer.org Limited
Office: +44 (0)870 443 8779
Mobile: +44 (0)7715 770523
http://www.loadbalancer.org/
" When a single point of failure is not an option"
Why not try our online demonstration
<http://www.loadbalancer.org/demo.html> ? Or get answers to common
questions <http://www.loadbalancer.org/fud.html> ?