[TriLUG] Routing question

Jon Carnes jonc at nc.rr.com
Fri Feb 15 17:57:13 EST 2002


Assuming you have two firewalls, one for each connection, then you can bring 
up a server box with three network connections:
 - Connection Out1 to the interior of firewall 1
 - Connection Out2 to the interior of firewall 2
 - Connection Int to your internal network

We'll call the server box "DMZ".

You'll run a private network between the DMZ server and each of the firewall 
boxes, and then you'll run a third private network for your internal network.

Set up the Linux Virtual Server on DMZ.  The twist here is that you will be 
sort of setting it up in reverse.  The virtual server can be set to use Round 
Robin in sending out the packets, and you can vary which protocol goes down 
which path.  You can tweak it a bit so that a connection to an external 
resource continues to go out the same path, but that a new connection to a 
different resource goes out the other path.

I use the LVS a lot at HAHT, but only for incoming load-balancing / 
High-availability.

Another nice feature of the LVS is that you can weight connections, and 
change the weight of the connections on the fly, so if one resource gets 
overloaded, you can adjust the weight so that the majority of your new 
requests go out the least used path.

That LVS is some hot s**tuff

Jon
===
On Friday 15 February 2002 12:34 am, Tanner Lovelace wrote:
> Greetings,
>
> I temporarily have an interesting problem that perhaps someone here
> can help me out with.  I have a computer connected to the internet
> with both DSL and cable (both static IPs) and I want connections
> that come in on one interface to be able to go out on that interface.
> I read the advanced routing howto and figured out how to use
> iproute2 (the ip command) to set up different routing tables based
> on various attributes (i.e. policy routing).  Unfortunately, this
> doesn't seem to help me very much.  Basically, what seems to happen
> is that Linux always originates IP packets from one of my two addresses
> and when it sends it out the default route, whichever address is
> not from the default route (i.e. the cable address going out the DSL
> interface) doesn't work very well. :-)  I think what I need is
> to set up IP masquerading so that it can keep state of the connections
> and send the correct connections out the correct address (changing
> the originating IP as needed).  Oh, and I need to do this under
> 2.2.19, so IPtables is out. :-(  I pretty much understand how
> IPtables works, but IPchains, which I must use since I'm under
> a 2.2.x kernel, just confuses me.  Can anyone give me any suggestions
> for how to accomplish this?  (And, please, no suggestions that I
> upgrade to 2.4.  This is an internet server with the openwall
> security patches, which aren't available for 2.4 yet [yes,
> I know about the other set of patches, but I would prefer to have
> them tested first].)
>
> Thanks very much in advance,
> Tanner


