Re: [fw-wiz] Load Balancing

From: Mark Tinberg (
Date: 11/18/04

  • Next message: Daniel Chemko: "RE: [fw-wiz] Load Balancing"
    To: Nathaniel Hall <>
    Date: Thu, 18 Nov 2004 11:17:23 -0600 (CST)

    On Tue, 16 Nov 2004, Nathaniel Hall wrote:
    > LDAP request goes to
    > Request is routed to interface on same network and destination address is
    > correctly changed to a random system to be load balanced.
    > Once there is an answer for LDAP, the answer goes directly to the requesting
    > machine, not the firewall that routed it.

    I'm sure there are many ways to fix this, but in my pre-coffee state I can
    think of two.

    1) NAT the traffic on the FW so that responses are sure to go to the right

    2) Set the LDAP cluster with limited routing table, a /29 for example, so
        the traffic has to route through the firewall to get back to the rest
        of your network.

    Q: Why do you have source, dest and firewall on same segment?
    Q: Maybe dns round robin would be better for load balancing

    Mark Tinberg <>
    Network Administrator, SecurePipe Inc.
    Key fingerprint = FAEF 15E4 FEB3 08E8 66D5  A1A1 16EE C5E4 E523 6C67
    firewall-wizards mailing list
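
The reply path described in this thread, traced in a small model. This is an added example and not part of the original message; it reads suggestion 1 as source NAT on the firewall, and the addresses, the /29 range and the `trace` function are constructed assumptions.

```python
import ipaddress

# Constructed addresses (assumptions, not from the original post); all hosts
# share one physical segment, as in the setup the thread describes.
CLIENT = ipaddress.ip_address("192.0.2.130")
FIREWALL = ipaddress.ip_address("192.0.2.17")   # address clients send LDAP to
BACKEND = ipaddress.ip_address("192.0.2.21")    # one LDAP cluster member


def trace(backend_net, snat):
    """Follow one request and its reply; return what the client receives."""
    backend_net = ipaddress.ip_network(backend_net)
    # Request as sent by the client; the client expects the answer from dst.
    src, dst = CLIENT, FIREWALL
    expected_peer = dst
    # Firewall: DNAT to a cluster member, optionally SNAT to its own address.
    nat_state = {"orig_src": src, "orig_dst": dst}
    dst = BACKEND
    if snat:
        src = FIREWALL
    # Backend answers whoever the request appeared to come from.
    reply_src, reply_dst = dst, src
    # Backend routing: on-link destinations get the reply directly,
    # anything else is handed to the default gateway (the firewall).
    via_firewall = reply_dst == FIREWALL or reply_dst not in backend_net
    if via_firewall:
        # Only the firewall holds the state needed to undo both translations.
        reply_src, reply_dst = nat_state["orig_dst"], nat_state["orig_src"]
    return {
        "via_firewall": via_firewall,
        "reply_src": str(reply_src),
        "accepted": reply_src == expected_peer and reply_dst == CLIENT,
    }


def scenarios():
    return {
        "same /24, DNAT only": trace("192.0.2.0/24", snat=False),
        "same /24, DNAT + SNAT": trace("192.0.2.0/24", snat=True),
        "cluster on /29, DNAT only": trace("192.0.2.16/29", snat=False),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:28} {result}")
```

In the first scenario the client receives an answer from the cluster member's address rather than the address it connected to, so it matches no open connection; in the other two the reply passes back through the firewall and the translation is undone.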
