[lvs-users] traditional firewall and site-to-site VPN or LVS-TUN?

[William Ottley]

So If I have my understanding correctly, I really DON'T need a
firewall in front of the Load Balancer, and site-to-site VPN
connection to the individual Web Servers, which have firewalls in
front of them as well, since:
#1 there are iptables anyways (firewall)
#2 the LVS has 2 Nics, with the 2nd nic connecting to the individual
firewalls via IP Tunneling.
#3 LVS-TUN is a form of protection anyways, because it creates a
secure tunnel to the individual web servers, and is used as those web
servers gateway.

If all this is true, my next step really, is to figure out how to
LVS-TUN, correct?
(I'm going to read up on the security aspect in the howto)

William

On Dec 29, 2007 12:28 PM, Joseph Mack NA3T <jmack at wm7d.net> wrote:
> yOn Sat, 29 Dec 2007, William Ottley wrote:
>
> > And well here's the thing, I'm really interested in LVS-TUN, but, I
> > might have a problem with the web servers sending data directly TO the
> > client. Doing it this way, exposes the webservers location.
>
> In an LVS, the realservers are not visible to the client.
> See the security section in the HOWTO
>
> please edit your posts so only the parts being replied to
> are in your post
>
> Thanks
>
> Joe
> >
>
> --
>
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
> Send requests to lvs-users-request at LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>



-- 
---------------
Morpheus: After this, there is no turning back. You take the blue pill
- the story ends, you wake up in your bed and believe whatever you
want to believe. You take the red pill - you stay in Wonderland and I
show you how deep the rabbit-hole goes.