|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>> Better would be:
>>
>> Internet | | 192.168.2.1 | | 192.168.2.2/192.168.3.1 (two
>> ethernet cards) | | /------------------------\ 192.168.3.2
>> 192.168.3.3
>
>
> humm, but, i have a problem with your solution number 2: i don't
> know how to tell the linux box how to forward packets from nic2
> (local network) to nic1 (goto internet)
>
> sure your solution no2 looks nice, but.. maybe you could tell me
> how to do:
>
>
> (internet)-----|nic1****lvs-nat****nic2|-----(local)
>
> packets need to come from outside, travel from nic1 to nic2 and
> opposite too: from nic2 to nic1 for going outside..
>
> looks like very interesting tho, still is kind of black magic for
> me ..
#ip add add 192.168.2.2/24 dev eth0
#ip add add 192.168.3.1/24 dev eth1
The MS Windows servers get an address in the 192.168.3.x range e.g.
192.168.3.2 and 192.168.3.3 and hang on a hub at device eth1. Their
gateway will be 192.168.3.1.
For outgoing traffic from the windows servers to internet you can use
the following Masquerading:
#iptables -A POSTROUTING -t nat -s 192.168.3.0/24 -i eth1 -o eth0 -j
MASQUERADE
Then you setup the LVS:
#echo "
- -A -t 192.168.2.2:80 -s rr
- -a -t 192.168.2.2:80 -r 192.168.3.2:80 -m
- -a -t 192.168.2.2:80 -r 192.168.3.3:80 -m
" | ipvsadm -R
That should be enough.
Greetings,
Ludo.
PS. For further info on general routing questions, please see:
http://lartc.org/howto/
http://www.thelinuxreview.com/howto/networking/
- --
Ludo Stellingwerff
V&S B.V. The Netherlands
ProTactive firewall solution.
Tel: +31 172 416116
Fax: +31 172 416124
site: www.protactive.nl
demo: http://www.protactive.nl:81/netview.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDOlyHOF3sCpZ+AJgRAk72AKDp1vdGgZeEpq1g54YzChL6lSe+rQCfYGBI
FUA1PqCSJgZVc9J9uqUNnKo=
=k+6F
-----END PGP SIGNATURE-----
|
