SUMMARY - yet to be tested - Use Virtual interface ( eri0:1 ) ip as source address - spoofing ?

Laurence Moughan Laurence.Moughan at aerlingus.com
Fri Jun 17 04:43:02 EDT 2005


Hi All and thanks for feedback.

I should have explained alos that i both receive inbound ftp and sftp
connections as well as origionate outbound ftp and sftp from this box.

However I am going to try and use the deprciated option in the ifconfig
portion of the cluster setup ( when the virtual interfce gets plumbed -
i will need to depreciate the real interface) 

Thansk to David and Aaron for the pointer and to others with
suggestions and advice.

I shall post another SUMMARY when i have tested.

Regards

laurence


.,


Hi All,

I have an ftp server ftp1 on say 10.0.0.10 behind a firewall being
natted to say 192.0.0.10

interface eri0

i want to cluster the ftp server with a partner ( using opensource
software heartbeat ) this provides a virtual ip on the cative node,

so we will then have machines

ftp1 real ip address 10.0.0.1 interface eri0
ftp2 real address 10.0.0.2 interface er10

a virtual ip floating between the machines on a virtual eri interface
on one at ip 10.0.0.10 eri0:1( up on the active node )

Now this is obviously going to break my firewall rules as the source of
outgoing packets wil now be the ftp servers real address 10.0.0.1 or
10.0.0.2 

so

is there a way to foce all outbound packets to go from the virtual
interface ( eri0:1 ) address 10.0.0.10 ?


Thanks

laurence



..For low fares and great deals on hotels, car hire and travel insurance visit http://www.aerlingus.com
of any action in reliance upon, this information by persons or entities
other than the intended recipient is prohibited.If you have received
this email in error please notify the sender immediately and delete
the material. 
*******************************************************************************



More information about the sunmanagers mailing list