Joseph Mack PhD, High Performance Computing & Scientific Visualisation
LMIT, Supporting the EPA Research Triangle Park, NC 919-541-0007 Federal
Infrastructure Contact-Ravi Nair 919-541-5467 - nair.ravi@xxxxxxx,
Federal Visualization Contact - Joe Retzer, Ph.D. 919-541-4190 -
retzer.joseph@xxxxxxx
lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx wrote on 04/15/2005 12:12:03 AM:
> Hi Joe,
>
> Actually, no, I'm not very glad my director, and now it seems my
> realservers, can't connect to the outside world after running the setup
> script. While I understand the need for security, I have the ability to
> secure my machines without completely severing them from the internet.
I put some effort into the script to produce a secure LVS.
You can change the setup any way you like.
How you get your security is a religious issue. However
I personally wouldn't throw away security that already exists
just because there is security elsewhere.
> I have read the link you provided below and while it makes sense for a
> setup where the director and realservers don't need to talk to the world
If the realservers need services on the internet, there's
a write up on doing this securely in
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.3-Tier.html
> my question now is: will adding the default gateway back to the director
> and realservers actually *hurt* anything in the LVS setup?
No, it will be fine.
If you want a default gw I'd suggest you do it through some other
NIC or IP. The VIP on the director has no business sending packets
to the outside world.
> Given that I'm using a two network setup, shouldn't LVS work correctly
> for the load balanced services even if I'm providing other services (on
> a different IP from the VIP/RIP) to the public on the director/realservers?
> Or am I missing some arcane ARP/network config problem?
It will work fine.
Joe
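
The advice above about keeping the default gateway off the VIP can be checked mechanically. The following is an added example, not part of the original message or of the LVS setup script: it parses `ip -4 route show` output and flags default routes that source from the VIP or leave the source unpinned on the VIP's NIC. The addresses, interface names and sample output are constructed assumptions.

```python
# Added example: audit a director's default routes against its VIP.
# Addresses and interface names are constructed (RFC 5737 documentation ranges).

# Constructed sample of `ip -4 route show` output.
SAMPLE_ROUTES = """\
default via 192.0.2.1 dev eth0
default via 192.0.2.1 dev eth0 src 192.0.2.110 metric 50
default via 192.0.2.1 dev eth0 src 192.0.2.10 metric 100
default via 198.51.100.1 dev eth2 onlink metric 200
10.1.1.0/24 dev eth1 proto kernel scope link src 10.1.1.1
"""

PAIRED_KEYS = {"via", "dev", "src", "metric", "proto"}


def parse_default_routes(text):
    """Return one attribute dict per 'default' line; bare flags such as 'onlink' are skipped."""
    routes = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "default":
            continue
        attrs, i = {}, 1
        while i < len(tokens):
            if tokens[i] in PAIRED_KEYS and i + 1 < len(tokens):
                attrs[tokens[i]] = tokens[i + 1]
                i += 2
            else:
                i += 1
        routes.append(attrs)
    return routes


def classify(route, vip, vip_dev):
    """'vip-sourced': src pinned to the VIP; 'unpinned': VIP's NIC with no src; else 'ok'."""
    src = route.get("src")
    if src == vip:
        return "vip-sourced"
    if src is None and route.get("dev") == vip_dev:
        return "unpinned"  # kernel chooses the source address; confirm it is not the VIP
    return "ok"


def audit(text, vip, vip_dev):
    return [(r.get("dev"), r.get("src"), classify(r, vip, vip_dev))
            for r in parse_default_routes(text)]


if __name__ == "__main__":
    for dev, src, verdict in audit(SAMPLE_ROUTES, vip="192.0.2.110", vip_dev="eth0"):
        print(f"default dev={dev} src={src}: {verdict}")
```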