LVS-NAT - administration question

[Joseph Mack NA3T]

On Tue, 17 Oct 2006, Ben Wilder wrote:

> Hi again all,
>
> Another question if I may, I have LVS-NAT set up as below, I had trouble
> getting the single network NAT working as per the how-tos.
>
>
> OS is Fedora core 5 - kernel 2.6.15-1.2054_FC5 Ipvsadm version: 1.2.1
>
> Network looks like the following (I am testing with one real server at the
> moment)
>
> [CIP]10.10.10.100 --> [eth0:1 VIP]10.10.10.5 (Director)[eth0 DIP]
> 192.168.0.1 --> [eth0 RIP]192.168.0.100

this is two networks.

> I would like to admin the Real server from the 10.10.10.100 client, or from
> anything on the 10.10.10.x network.

Just be aware that you don't normally want clients to have 
access to the realservers - you don't want anyone to know 
that there are multiple machines in the LVS - for security 
reasons.

You could login to the director from the client network 
(again not a great idea for security reasons) and hop from 
there to the realserver.


> The Real server has a second NIC which I
> could address differently but would cause the load balancing to stop
> functioning.

why would it stop?

> I can ssh to the director and then from there to the real
> server, but ideally I would need to upload files etc over sftp aswell.
>
> Is there any way that I can use this second NIC on the real server to allow
> the 10.10.10.x network to administrate it?

Why can't you put a 10.10.10.x address on the realserver 
(and a cable to the switch on the 10.10.10.x network)?

Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!