portfw or direct accessibility

Draschl Clemens clemens.draschl at techconsult.at
Tue Aug 14 15:06:58 BST 2001


thanks for the fast advice. but i'm not sure you understood correctly
what i wanted. i just simply want a port-fw on vip:port1 to
webserver_1:22 and vip:port2 to webserver_2:22.  because it's not very
fine to guess what server can be reached. it should be a dedicated port
(i tried 1026 to webserver_1 and 1027 forwarding to webserver_2)

and it seems that rinetd is completely overriding everything i
configured, nmap just shows nothing. and ipmasqadm won't work on an
aliased ip (i read a posting about this fact, but it isn't verified)


Alexandre CASSEN wrote:

> Hi,
> Try this : ipchains -A forward -j MASQ -p tcp -s 80 -d
> => That way you only NAT port 80 of your realservers, all the other
> services are accessible via routing table.
> => You need then to set on your default gateway network router a routing
> entry to route direct traffic to IP addresses of your realserver through
> LVS. For example if LVS loadbalance realserver pool owning IP class
>, if your LVS accessible IP is then append
> something like this : ip route add via on
> your default gateway network router.
> Read the http://keepalived.sourceforge.net QuickStart.pdf guide; this is exactly
> the configuration you need.
> Hope it will help,
> Alexandre
> >the problem now is, that each of the web servers needs its own
> >ssh-access for maintenance.
> >i tried it first with rr-scheduling with just setting up one service for
> >each server, but it didn't work. the second thing i tried is with ipmasq
> >portfw, the same. the last thing i tried was rinetd, again nothing. i
> >wasn't able to access one of the webserver directly at all.
> >i set up several ipchains too, but nothing happened.
