On Thu, 2006-01-12 at 13:54 -0500, Pierre Ancelot wrote:
> I have a security issue on the cluster I'm building. It's not yet in
> production but I already can see the problem.
>
> I use LVS-NAT on a 4-node cluster.
>
> 3 nodes are real servers and director at the same time.
> 1 node has an NFS share.
>
> N1 N2 N3
> MGM
>
> So, using LVS-NAT, I got forwarding activated, meaning someone could
> spoof the IP of my nodes and so get access to the NFS share, which I
> really don't want.
Forwarding is enabled on the Director only;
you can restrict it to only forward packets to a specific port which you
are using to load balance (e.g. http).
See the iptables documentation.
> Any idea to get over this?
>
> Thanks :)
> Pierre.
--
Regards
Aniruddh Singh
System Administrator
Monster.com India Pvt. Ltd.
FC 23, Block B, 1st Floor, Sector 16A
Film City Noida 201301 U.P.
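
One way to express the restriction suggested in the reply above, as an added example that is not part of the original thread: a shell function that prints iptables commands allowing only one balanced TCP port through the director's FORWARD chain. The interface names, subnet and port are assumptions supplied by the caller, and the source-address drop on the external interface goes beyond the reply to cover the spoofing concern in the question.

```sh
#!/bin/sh
# Added example (not from the thread). Prints iptables commands for a
# director that forwards only one balanced TCP port; it applies nothing.
# Assumed arguments: external interface, internal interface, real-server
# subnet (CIDR), service port. Review the output, then pipe it to sh as root.
lvs_forward_rules() {
    if [ "$#" -ne 4 ]; then
        echo "usage: lvs_forward_rules EXT_IF INT_IF RS_NET PORT" >&2
        return 2
    fi
    ext_if=$1; int_if=$2; rs_net=$3; port=$4

    # The output is meant to be fed to a shell, so refuse anything that is
    # not a plain interface name, an IPv4 CIDR string, or a decimal port.
    for ifname in "$ext_if" "$int_if"; do
        case $ifname in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $ifname" >&2; return 2 ;;
        esac
    done
    case $rs_net in
        ''|*[!0-9./]*) echo "bad subnet: $rs_net" >&2; return 2 ;;
    esac
    case $port in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 2
    fi

    cat <<EOF
# Default-deny: the director routes nothing unless a rule below allows it.
iptables -P FORWARD DROP
# Internal source addresses must never arrive on the external interface.
iptables -A INPUT -i $ext_if -s $rs_net -j DROP
iptables -A FORWARD -i $ext_if -s $rs_net -j DROP
# Only the balanced service crosses the director, in each direction.
iptables -A FORWARD -i $ext_if -o $int_if -d $rs_net -p tcp --dport $port -j ACCEPT
iptables -A FORWARD -i $int_if -o $ext_if -s $rs_net -p tcp --sport $port -j ACCEPT
EOF
}

# Print the rules when run as a script with four arguments.
if [ "$#" -eq 4 ]; then lvs_forward_rules "$@"; fi
```

With these rules in place, NFS and portmapper traffic is never routed across the director, because nothing other than the chosen service port matches an ACCEPT rule in FORWARD.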