Re: [lvs-users] lvs-direct..stumped: arp or not to arp?

To: " users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] lvs-direct..stumped: arp or not to arp?
From: "William Ottley" <williamottley@xxxxxxxxx>
Date: Sat, 29 Dec 2007 08:58:49 -0500
Thanks Mack & Sameer,

I was starting to think LVS-NAT was the route to go. Mack, I set up a
vmware demo of what I wanted, and things worked fine: well, except that
the IPs were different, and that the web servers were connected via
VPN. So, Sameer: yeah, it makes sense about the rewrites... So, NAT is
what I'll try, BUT you did indicate tunnel.

And well, here's the thing: I'm really interested in LVS-TUN, but I
might have a problem with the web servers sending data directly TO the
client. Doing it this way exposes the web servers' location.

I have a firewall setup specifically for this reason: site-to-site VPN
connection to 2 web servers at 2 geographically different locations.

My understanding is that IP tunneling will be private, BUT the data
that leaves the web servers doesn't go back to the Load Balancer as the
GW, but to the client... which is what I can't have.

I hope this makes sense?

BTW, what is "DIP" for LVS-NAT, and ingress filtering?

I made sure that iptables were turned off...

Thanks so much for your help.


On Dec 29, 2007 8:36 AM, Joseph Mack NA3T <jmack@xxxxxxxx> wrote:
> On Fri, 28 Dec 2007, William Ottley wrote:
> > Hey Joseph, thanks for responding. I have a strong suspicion, that it
> > has to do with VPN. See, if you notice the real servers are on a
> > different network, which is .3.10 and .4.10 These are reachable via a
>
> won't work for LVS-DR
>
> > site-to-site vpn connection.
> > Now I use the howto at:
> >
> >
> > (5. Example: Setup LVS using LVS-DR forwarding)
> >
> > and well it tells me to make sure the gw for the realservers are
> > pointing to the LVS VIP,
>
> DIP for LVS-NAT, router for LVS-DR
>
> > which in my case is, but i
> > can't do that, since the real server's GW is pointing to another
> > firewall, which creates the VPN...
> >
> > I'm sooo confused as to what process to use
> >
> > See, we need to "hide" all of the webservers from the internet
> Try a setup from the HOWTO on the bench, then when it works
> modify the setup for your situation
> Joe
> --
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at
> Homepage It's GNU/Linux!
> _______________________________________________
> mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to

Morpheus: After this, there is no turning back. You take the blue pill
- the story ends, you wake up in your bed and believe whatever you
want to believe. You take the red pill - you stay in Wonderland and I
show you how deep the rabbit-hole goes.
