Re: [fw-wiz] Load Balancing
From: Mark Tinberg (mtinberg_at_securepipe.com)
Date: 11/18/04
- Previous message: Luis Maria Sainz Caballero: "[fw-wiz] Checkpoint NAT H.323 support"
- In reply to: Nathaniel Hall: "[fw-wiz] Load Balancing"
- Next in thread: Daniel Chemko: "RE: [fw-wiz] Load Balancing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Nathaniel Hall <halln@otc.edu> Date: Thu, 18 Nov 2004 11:17:23 -0600 (CST)
On Tue, 16 Nov 2004, Nathaniel Hall wrote:
>
> LDAP request goes to 172.16.0.63
> Request is routed to interface on same network and destination address is
> correctly changed to a random system to be load balanced.
> Once there is an answer for LDAP, the answer goes directly to the requesting
> machine, not the firewall that routed it.
I'm sure there are many ways to fix this, by in my pre-coffee state I can
think of two.
1) NAT the traffic on the FW so that responses are sure to go to the right
place.
2) Set the LDAP cluster with limited routing table, a /29 for example, so
the traffic has to route through the firewall to get back to the rest
of your network.
Q: Why do you have source, dest and firewall on same segment?
Q: Maybe dns round robin would be better for load balancing
-- Mark Tinberg <MTinberg@securepipe.com> Network Administrator, SecurePipe Inc. Key fingerprint = FAEF 15E4 FEB3 08E8 66D5 A1A1 16EE C5E4 E523 6C67 _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Luis Maria Sainz Caballero: "[fw-wiz] Checkpoint NAT H.323 support"
- In reply to: Nathaniel Hall: "[fw-wiz] Load Balancing"
- Next in thread: Daniel Chemko: "RE: [fw-wiz] Load Balancing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
