William

On Sun, 2008-01-06 at 09:36 -0500, William Ottley wrote:
> Now I don't want the realservers sending back to the CIP directly,
> because this will expose the IP of the realserver, which I can't have.

You have fundamentally misunderstood something here - and this isn't
LVS, it's TCP/IP.

When the replies to the client leave the realserver in a DR setup, the
source IP address is the VIP. If it was the realserver's IP address the
TCP connection would never complete and the client would not be able to
connect at all.

This is why each realserver needs a loopback alias (in standard
practice) of all the VIPs it is serving. Without that, nothing will
work.

> So, in essence, the LVS has to be a GW for all the traffic. Is this
> possible?

It is, but it isn't necessary.

> better yet, if I create an LVS with just 1 nic, and if the realserver
> sends directly to the CIP: would doing a tracedump, or a network
> sniffer show the realserver IP?

Step away from the problem ;-)

If I were you I'd strip this right back to basics. Get a single director
and a single realserver setup, then get a single client from outside the
same networks to talk to it. Build from there.

Graeme
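
The address handling described in the reply above, as an added Python sketch that is not part of the original thread: it models one SYN through an LVS-DR director and checks the reply against the client's 4-tuple. All addresses, ports, function names and the `reply_from_rip` switch are constructed for illustration.

```python
# Constructed addresses (documentation ranges); none of these appear in the thread.
CIP, VIP, RIP = "198.51.100.7", "203.0.113.10", "192.0.2.21"
CPORT, VPORT = 40000, 80

def director_forward(pkt):
    """LVS-DR: the director re-addresses the frame at layer 2 only; the IP header is unchanged."""
    return dict(pkt, delivered_to="realserver")

def realserver_reply(pkt, local_addrs, reply_from_rip=False):
    """Return the SYN-ACK the realserver sends, or None if it does not accept the packet."""
    if pkt["dst"] not in local_addrs:
        return None  # no loopback alias for the VIP: the packet is not for this host
    # A TCP stack answers from the address that was contacted, i.e. the VIP.
    # reply_from_rip is a hypothetical switch modelling the assumption in the question.
    src = RIP if reply_from_rip else pkt["dst"]
    return {"src": src, "sport": pkt["dport"],
            "dst": pkt["src"], "dport": pkt["sport"], "flags": "SA"}

def client_accepts(reply, pending):
    """The client only accepts a reply that matches its half-open connection's 4-tuple."""
    if reply is None:
        return False
    return (reply["dst"], reply["dport"], reply["src"], reply["sport"]) == pending

def handshake(local_addrs, reply_from_rip=False):
    """Run one SYN through the director and report (reply, accepted_by_client)."""
    syn = {"src": CIP, "sport": CPORT, "dst": VIP, "dport": VPORT, "flags": "S"}
    pending = (CIP, CPORT, VIP, VPORT)  # what the client is waiting to hear back from
    reply = realserver_reply(director_forward(syn), local_addrs, reply_from_rip)
    return reply, client_accepts(reply, pending)

if __name__ == "__main__":
    cases = [
        ("VIP aliased on loopback", {RIP, VIP}, False),
        ("no loopback alias", {RIP}, False),
        ("reply sourced from RIP", {RIP, VIP}, True),
    ]
    for label, addrs, from_rip in cases:
        reply, ok = handshake(addrs, from_rip)
        src = reply["src"] if reply else "-"
        print(f"{label:26} reply src={src:14} client accepts={ok}")
```
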