Firewall Wizards: Re: Load Balancing

Re: Load Balancing

From: Mark Tinberg <mtinberg_at_securepipe.com>
Date: Thu, 18 Nov 2004 11:17:23 -0600 (CST)

On Tue, 16 Nov 2004, Nathaniel Hall wrote:
>
> LDAP request goes to 172.16.0.63
> Request is routed to interface on same network and destination address is
> correctly changed to a random system to be load balanced.
> Once there is an answer for LDAP, the answer goes directly to the requesting
> machine, not the firewall that routed it.

I'm sure there are many ways to fix this, but in my pre-coffee state I can
think of two.

1) NAT the traffic on the FW so that responses are sure to go to the right
    place.

2) Set the LDAP cluster with a limited routing table, a /29 for example, so
    the traffic has to route through the firewall to get back to the rest
    of your network.

Q: Why do you have source, dest and firewall on the same segment?
Q: Maybe DNS round robin would be better for load balancing

-- 
Mark Tinberg <MTinberg_at_securepipe.com>
Network Administrator, SecurePipe Inc.
Key fingerprint = FAEF 15E4 FEB3 08E8 66D5  A1A1 16EE C5E4 E523 6C67
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Nov 18 2004
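
The return-path problem in this thread and the two fixes proposed in the reply, modeled as a small simulation. This is an added example, not part of the original post; every address except 172.16.0.63, the /24 segment mask and the function names are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src dst")

VIP = "172.16.0.63"     # load-balanced address named in the thread
FW = "172.16.0.9"       # constructed: firewall doing the load balancing
SERVER = "172.16.0.11"  # constructed: one LDAP back end
CLIENT = "172.16.0.20"  # constructed: requesting machine, same segment

def next_hop(dst, local_net, gateway):
    """On-link delivery if dst is inside local_net, otherwise use the gateway."""
    on_link = ipaddress.ip_address(dst) in ipaddress.ip_network(local_net)
    return dst if on_link else gateway

def simulate(snat, server_net):
    """Return (reply_passes_firewall, client_accepts_reply)."""
    request = Packet(CLIENT, VIP)
    # Firewall rewrites the destination (DNAT) and, for fix 1, the source too.
    forwarded = Packet(FW if snat else request.src, SERVER)
    # NAT state, keyed by the (src, dst) the matching reply will carry.
    nat_table = {(forwarded.dst, forwarded.src): request}
    # The server answers whatever source address it saw.
    reply = Packet(SERVER, forwarded.src)
    via_fw = next_hop(reply.dst, server_net, FW) == FW
    if via_fw:
        original = nat_table.get((reply.src, reply.dst))
        if original is not None:
            # Reverse translation restores VIP -> client.
            reply = Packet(original.dst, original.src)
    # The client's open connection is to the VIP, so only a reply
    # sourced from the VIP matches it.
    return via_fw, reply == Packet(VIP, CLIENT)

if __name__ == "__main__":
    cases = [
        ("DNAT only, server sees whole /24", False, "172.16.0.0/24"),
        ("fix 1: NAT the source on the FW", True, "172.16.0.0/24"),
        ("fix 2: server limited to a /29", False, "172.16.0.8/29"),
    ]
    for label, snat, net in cases:
        via_fw, ok = simulate(snat, net)
        print(f"{label}: via firewall={via_fw}, client accepts={ok}")
```

In the unfixed case the reply reaches the client with the back end's own address as its source, so it matches no connection the client opened.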