[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-virtual-server
Subject:    Re: LVS behind a firewall. Direct Routing needed?
From:       Horms <horms () vergenet ! net>
Date:       2000-09-21 17:35:03
[Download RAW message or body]

On Thu, Sep 21, 2000 at 10:11:43AM -0400, Peter C. Nikolaidis wrote:
> Hello,
> 
>     We presently have no firewall at our location, but are putting one up in
> a couple of days.  I'm trying to decide how our LVS fits into the equation.
> 
> ------------------------------------------
> Present Configuration:
> 
> ISP's Router    209.198.101.161
> 
> LVS pub IP      209.198.101.185
> LVS priv IP     192.168.1.1
> 
> VS1             192.168.1.11
> VS2             192.168.1.12
> VS3             192.168.1.13
> 
> Rest of our network 209.198.101.0
> ------------------------------------------
> Desired Configuration:
> 
> ISP's Router:     209.198.101.161
> Firewall          192.168.1.1
> 
> LVS pub IP        192.168.1.2?
> LVS priv IP       192.168.1.3?
> 
> VS1               192.168.1.11
> VS2               192.168.1.12
> VS3               192.168.1.13
> 
> Rest of our network 192.168.1.0
> ------------------------------------------
> 
>     Is this a task for direct routing as opposed to NAT?  If this isn't an
> option, then I guess I have to move the rest of our network or the virtual
> server side over to 192.168.0.0.
> 
>     Thoughts?

Possibly the easiest way to do this is to configure the 
Linux Directors to use LVS-NAT and have packet filtering
rules. Effectively making the Linux Director the firewall
and avoiding adding extra hops to the network.


-- 
Horms

----------------------------------------------------------------------
LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
To unsubscribe, e-mail: lvs-users-unsubscribe@LinuxVirtualServer.org
For additional commands, e-mail: lvs-users-help@LinuxVirtualServer.org

[prev in list] [next in list] [prev in thread] [next in thread]