>the RIPs then must be public IPs?
No. The configuration looks basically as follows. This is a
simplification. The real configuration has 2 corporate firewalls
(active/passive cluster), 2 load-balancers (active/passive cluster), and
2 FTP servers. But I'm no good at creating ASCII network drawings.
    My PC (Client)
        |   *10.0.0.109
        |
        |   *10.0.0.12
    My Firewall
        |   *Public IP
        |        ||
        |        ||
    Internet     ||  <- Tunnel
        |        ||
        |        ||
        |   *Public IP
    Corporate Firewall
        |   *192.168.5.1
        |
        |   *192.168.5.100 (VIP)
    Load-balancer
        |   *192.168.10.100
        |
        |   *192.168.10.62 (RIP)
    FTP Server
>if the client is connecting with the VIP, why is it accepting an
>ftp-data connect request from the RIP?
I admit that is a VERY good question. All I can say is, it is happening.
Attached is an Ethereal trace (ftp_nonat) captured on "My PC" when I
initiated an FTP connection to the VIP of the load-balancer. The
transaction starts on packet #3. In packet #23 you can see my GET
command with the destination of the VIP. In the next packet, you see the
RealServer open the FTP-DATA connection with a source address of
192.168.10.62.
The load-balancer's internal interface (192.168.10.100) is the FTP
server's default gateway.
--Eric
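Added example, not part of the original message: a check for the symptom described above, an active-mode FTP-DATA connection that arrives from an address other than the one the client's control connection went to. The packet records are constructed from the addresses in the message; the record layout, the ports, and the function name are assumptions.

```python
from collections import defaultdict

FTP_CONTROL_PORT = 21
FTP_DATA_PORT = 20

# Constructed sample: (packet no., src IP, src port, dst IP, dst port, TCP flags).
# Addresses come from the message; ports and packet #4 are made up.
PACKETS = [
    (3,  "10.0.0.109", 1045, "192.168.5.100", 21, "S"),
    (4,  "192.168.5.100", 21, "10.0.0.109", 1045, "SA"),
    (23, "10.0.0.109", 1045, "192.168.5.100", 21, "PA"),   # GET sent to the VIP
    (24, "192.168.10.62", 20, "10.0.0.109", 1046, "S"),    # FTP-DATA from the RIP
]


def find_unmasqueraded_data_connections(packets):
    """Return (packet no., offending source, expected servers) for each
    active-mode FTP-DATA SYN whose source is not an address the client
    opened a control connection to."""
    control_servers = defaultdict(set)   # client IP -> servers contacted on port 21
    findings = []
    for number, src, sport, dst, dport, flags in packets:
        if dport == FTP_CONTROL_PORT and flags == "S":
            # Client opens a control connection: remember which server it used.
            control_servers[src].add(dst)
        elif sport == FTP_DATA_PORT and flags == "S":
            # Server-initiated data connection (active mode) towards a client.
            expected = control_servers.get(dst, set())
            if expected and src not in expected:
                findings.append((number, src, sorted(expected)))
    return findings


if __name__ == "__main__":
    for number, src, expected in find_unmasqueraded_data_connections(PACKETS):
        print(f"packet {number}: FTP-DATA from {src}, control session is with {expected}")
```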