Re: [fw-wiz] Load Balancing
From: Mark Tinberg (mtinberg_at_securepipe.com)
To: Nathaniel Hall <firstname.lastname@example.org>
Date: Thu, 18 Nov 2004 11:17:23 -0600 (CST)
On Tue, 16 Nov 2004, Nathaniel Hall wrote:
> LDAP request goes to 172.16.0.63
> Request is routed to interface on same network and destination address is
> correctly changed to a random system to be load balanced.
> Once there is an answer for LDAP, the answer goes directly to the requesting
> machine, not the firewall that routed it.
I'm sure there are many ways to fix this, but in my pre-coffee state I can
think of two.
1) NAT the traffic on the FW so that responses are sure to go to the right
2) Set the LDAP cluster with a limited routing table, a /29 for example, so
the traffic has to route through the firewall to get back to the rest
of your network.
Q: Why do you have source, dest and firewall on same segment?
Q: Maybe dns round robin would be better for load balancing
--
Mark Tinberg <MTinberg@securepipe.com>
Network Administrator, SecurePipe Inc.
Key fingerprint = FAEF 15E4 FEB3 08E8 66D5 A1A1 16EE C5E4 E523 6C67
_______________________________________________
firewall-wizards mailing list
email@example.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
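
The return-path problem in this thread and the two fixes suggested in the reply, traced as a small simulation. This is an added example, not part of the original post; every address other than 172.16.0.63 and the function name `reply_path` are constructed for illustration.

```python
import ipaddress

VIP = ipaddress.ip_address("172.16.0.63")      # from the post: address the LDAP request goes to
FIREWALL = ipaddress.ip_address("172.16.0.9")  # constructed: firewall interface on the segment
CLIENT = ipaddress.ip_address("172.16.0.20")   # constructed: requesting machine
BACKEND = ipaddress.ip_address("172.16.0.10")  # constructed: LDAP server picked by the balancer


def reply_path(backend_prefix, snat_on_firewall):
    """Trace one request/reply; return (path the reply takes, whether the client accepts it).

    backend_prefix   -- prefix length configured on the LDAP server's interface
    snat_on_firewall -- True if the firewall also rewrites the source address (fix 1)
    """
    # Request: CLIENT -> VIP. The firewall rewrites the destination to BACKEND.
    # With source NAT the server sees the firewall as the sender, otherwise the client.
    seen_source = FIREWALL if snat_on_firewall else CLIENT

    # The server answers to whatever source it saw. Its own netmask decides
    # whether that address is on-link (send directly) or needs the gateway.
    on_link = ipaddress.ip_interface(f"{BACKEND}/{backend_prefix}").network
    via_firewall = seen_source == FIREWALL or seen_source not in on_link

    # Only the firewall holds the NAT state that maps BACKEND back to VIP.
    # A reply that bypasses it still carries BACKEND as its source address.
    source_at_client = VIP if via_firewall else BACKEND

    # The client opened its connection to VIP and only matches replies from VIP.
    accepted = source_at_client == VIP
    return ("firewall" if via_firewall else "direct", accepted)


if __name__ == "__main__":
    cases = [
        ("as described: /24, destination NAT only", 24, False),
        ("fix 1: NAT the source on the firewall", 24, True),
        ("fix 2: /29 on the LDAP cluster", 29, False),
    ]
    for label, prefix, snat in cases:
        path, ok = reply_path(prefix, snat)
        print(f"{label:42} reply via {path:8} accepted={ok}")
```

With fix 1 the LDAP servers log the firewall's address as the source of every request, which matters if per-client logging or access control is done on the servers.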