Web Gateway Configuration
Modify the Web Gateways to accept traffic for the VIP
Concept
As mentioned previously, DR mode is our recommended load balancer operating mode. To use this mode,
changes are required to the real servers, i.e. the Web Gateways. The real servers must accept traffic for the
VIP, but they must not respond to any ARP requests for that IP; only the load balancer that owns the VIP
should do this.
To configure a Linux-based Web Gateway appliance to accept traffic for the VIP, the following line must be
added to the rc.local startup script on each Web Gateway appliance:
iptables -t nat -A PREROUTING -p tcp -d <VIP address> -j REDIRECT
e.g.
iptables -t nat -A PREROUTING -p tcp -d 192.168.2.202 -j REDIRECT
i.e. redirect any incoming TCP packets destined for the VIP to the local address.
N.B. For more information please refer to the administration manuals and search for 'ARP Problem'.
Configuring the McAfee Appliance
N.B. These steps must be followed on all Gateways.
Log in as root, either at the console or using a remote SSH session.
Edit the file /etc/rc.local using vi, vim or a remote editor such as the one included in WinSCP.
Then add the following additional line to this file:
iptables -t nat -A PREROUTING -p tcp -d <VIP address> -j REDIRECT
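The steps above can also be scripted so that they give the same result on every Gateway and can be re-run safely. The script below is an added example, not part of the vendor guide: the function names and the script name persist-vip.sh are hypothetical, and it assumes POSIX sh, awk, mktemp and an iptables build that supports the -C (check) option.

```shell
#!/bin/sh
# Added example, not vendor code. Persists and applies the VIP REDIRECT rule.
# Assumes POSIX sh, awk, mktemp, and an iptables build that supports -C.

vip_rule() {
    printf 'iptables -t nat -A PREROUTING -p tcp -d %s -j REDIRECT\n' "$1"
}

valid_ipv4() {
    # Only digits and dots may reach the startup script; then check octets.
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i == "" || $i > 255) exit 1 }'
}

persist_vip_rule() {    # usage: persist_vip_rule FILE VIP
    file=$1; vip=$2
    valid_ipv4 "$vip" || { echo "invalid VIP: $vip" >&2; return 2; }
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    rule=$(vip_rule "$vip")
    # Idempotent: an identical line already in the file means nothing to do.
    if grep -qxF -- "$rule" "$file"; then return 0; fi
    tmp=$(mktemp) || return 1
    # A rule appended after "exit 0" would never run, so insert before the
    # first such line; append only when the script has no "exit 0".
    awk -v rule="$rule" '
        !ins && /^[ \t]*exit[ \t]+0[ \t]*$/ { print rule; ins = 1 }
        { print }
        END { if (!ins) print rule }' "$file" > "$tmp" &&
        cat "$tmp" > "$file"    # rewrite in place: keeps mode and owner
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

apply_vip_rule_now() {  # usage: apply_vip_rule_now VIP (needs root)
    valid_ipv4 "$1" || return 2
    # -C tests for an identical rule so reruns do not stack duplicates.
    iptables -t nat -C PREROUTING -p tcp -d "$1" -j REDIRECT 2>/dev/null ||
        iptables -t nat -A PREROUTING -p tcp -d "$1" -j REDIRECT
}

# Run as root on each gateway, e.g.: sh persist-vip.sh 192.168.2.202
if [ "$#" -eq 1 ]; then
    persist_vip_rule /etc/rc.local "$1" && apply_vip_rule_now "$1"
fi
```

Afterwards, iptables -t nat -S PREROUTING on each Gateway should list exactly one REDIRECT rule for the VIP.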