> > IPs into a second box, behind the wall, running ipvsadm.
> I assume you mean the box is a director.
Yes, my terminology is less than normal today,
> > if it is and if so, what I should expect.
> sometimes it works OK and sometimes it doesn't.
So is this something you would recommend we explore, or just go back to
using a dual server system? When it does work, does it work reliably or
does it sometimes fail?
> > * Firewall would be 18.104.22.168 on eth0
> > * Firewall would also have aliases for 22.214.171.124, 126.96.36.199, and 188.8.131.52
> use secondary IPs not aliases.
Sorry, again terminology, but then again, let me ask the question. We
add additional IPs in to /etc/sysconfig/network-scripts/ifcfg-eth:<id>.
Is that considered secondary or alias?
Or should we be using ip addr add?
> > iptables would have this:
> > -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
> accept nic:VIP:port, all else reject
We reject everything to begin with. I wanted to make sure I was on
the right track. I still assume that I want to use IN and not FORWARD
(at least at this point) as the traffic is technically coming into the
BTW, thanks for the quick response.