Re: [load balancing] direct access to server

From: Zafer Berber <zafer [izzat] prolink.com.tr>
Date: Mon Oct 09 2006 - 04:01:20 EDT

how can i do with irule?

i created vip for network 192.168.1.0/24 and port ssh and vip state
ipforwarding but every traffic goes the server and i changed it to layer2
forwarding it works only ssh traffic, whats differences l2forwarding and
ipforwarding and the last question is

when i dont know how can i do direct access server configuration

i change /etc/sysctl.conf ip forwarding enable
but it didnt work, what differences between vip forwarding and sysctl.conf?

what is the priorty?

regards

On Friday 06 October 2006 22:39, David Remington wrote:
> You can further constrain the traffic to the network virtual server using
> either a packet filter or an iRule.
>
>
>
> -----Original Message-----
> From: owner-lb-l@vegan.net on behalf of Deb Allen
> Sent: Fri 10/6/2006 12:20 PM
> To: lb-l@vegan.net
> Cc:
> Subject: RE: [load balancing] direct access to server
>
> You can create a wildcard forwarding network virtual server of type
> Forwarding(IP) with address of 0.0.0.0, mask of 0.0.0.0 and port
> */0/any.
>
> If you want tighter control of the traffic being forwarded, I'd
> recommend instead creating forwarding virtual servers specific to the
> backend subnet and services you want to support, for example address of
> 192.168.1.0 and mask of 255.255.255.0.
> Likewise if you only want to allow specific ports, you can create
> specific network virtual server supporting the required ports.
>
> In either case, select the protocols you need.
> Set "VLAN traffic" to "all vlans", or enable only the client-side vlan
> if you want to limit traffic to inbound requests only.
>
> /deb
>
> -----Original Message-----
> From: owner-lb-l@vegan.net [mailto:owner-lb-l@vegan.net] On Behalf Of
> Zafer Berber
> Sent: Wednesday, October 04, 2006 10:38 PM
> To: lb-l@vegan.net
> Subject: Re: [load balancing] direct access to server
>
> customer dont like nat!
> is it secure create virtual server the ip range?
>
> can u explain how can i do it detail, in the network 0.0.0.0 port
> section is
> "*" another settings ?
>
>
> regards
>
> zafer
>
> On Wednesday 04 October 2006 21:52, Deb Allen wrote:
> > You can create a forwarding virtual server the IP range of the
>
> backend
>
> > subnet (or wildcard) and enable it at least on the clientside vlan.
> > You might want to make sure SNAT is disabled for this virtual server
>
> if
>
> > you want to see real client addresses in the server logs.
> >
> > Alternatively you can configure a NAT for each server to allow direct
> > access. (less secure and more admin overhead)
> >
> > -----Original Message-----
> > From: owner-lb-l@vegan.net [mailto:owner-lb-l@vegan.net] On Behalf Of
> > Zafer Berber
> > Sent: Wednesday, October 04, 2006 10:20 AM
> > To: vegan
> > Subject: [load balancing] direct access to server
> >
> >
> > Hi,
> >
> > i can do on alteon direct access enable
> >
> > how can i connect direct to server over the bigip ?
> >
> > client ----- vlan 10-----bigip----vlan 20---- server
> >
> > i want connect direct access ther server from client side, updates and
> > managment for the servers
> >
> >
> > regards

-- 
------------------------- 
Zafer Berber
System Engineer
Prolink 
http://www.prolink.com.tr 
Office:+90 216 573 73 00
____________________
The Load Balancing Mailing List
Unsubscribe:    mailto:majordomo@vegan.net?body=unsubscribe%20lb-l
Archive:        http://vegan.net/lb/archive
LBDigest:       http://lbdigest.com
MRTG with SLB:  http://vegan.net/MRTG
Hosted by:	http://www.tokkisystems.com
Received on Mon Oct 9 03:59:59 2006

This archive was generated by hypermail 2.1.8 : Mon Oct 09 2006 - 04:04:06 EDT