Adam Niedzwiedzki wrote:
This is the issue, how can I setup shorewall to allow the "realservers" access to the internet, if it is shorewall that I should be trying to make this happen with. Should I MASQ eth2 in shorewall?
Yes. That or run a proxy on the Shorewall box.
Will this then break LVS-NAT doing the masq on the incoming stuff?
I shouldn't think so.
PART B: to all this is maybe changing LVS to DR (direct routing), so that my machines are connected via eth1 with 202.45.102.x ip's etc, but I can't seem to see if that will play nice with shorewall, I read something about a patch needed for connecting tracking (but I thought the fwmark got around all that), not going here unless I can't get my NAT'd machines to talk externally :s....
You've exhausted my limited knowledge of LVS. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
