| Turbolinux Cluster LoadBalancer 10: User Guide | ||
|---|---|---|
| <<< Previous | Chapter 6. Configuration File | Next >>> |
There are several settings that are not contained within any section of the configuration file, as well as a couple of sections that apply to all objects. These include the security settings, NAT settings, and network mask.
The security settings allow you to restrict management access to certain machines.
DenyHost badguy.hackers.usa/255.255.255.0 AllowHost partner.business.usa |
The addresses can be given as IP addresses or domain names. You can specify a network mask as well, in order to include an entire subnet. If you do not give a subnet, only the single IP address listed will be allowed or denied.
You may have multiple AllowHost and DenyHost lines. The lines will be processed in order until a match is found. These settings are configured in the `Global Settings' | `Security Settings' section of turboclusteradmin.
You should set use the following settings to secure your cluster:
AllowHost 127.0.0.1 DenyHost 0.0.0.0/0.0.0.0 |
This will allow only the CMC daemon on the local host to access the administration port of the clusterserverd daemon.
The NetworkMask parameter is used to specify the network mask of the cluster itself. When the primary ATM assumes the IP address of the cluster, it will use this as its subnet mask.
NetworkMask 255.255.255.0 |
The default value is 255.255.255.0, which is the network mask for a Class C network. If you are unsure what your network mask should be, ask the network administrator at your site, or look at the network mask setting of a system on the subnet.
The NAT section describes how to set the parameters that will be used if you use the NAT traffic forwarding method.
NAT Subnet 10.0.0.0 255.255.0.0 Gateway 192.168.0.100 EndNAT |
The Subnet line gives the address range that will be used in the NAT translation process. It should specify a range of addresses that are not used anywhere on your network. Most sites will choose to use 10.0.0.0 here. The mask specified on the same line determines how many clients can be translated. Use 255.255.0.0 for an avarage site, and 255.240.0.0 for a larger site. The Gateway parameter specifies a virtual address that will be configured on the internal side of the ATM, and will be used as the default gateway by the NAT-using nodes.
For more detailed information on how to choose these NAT parameters, consult Section 4.7.3.
| <<< Previous | Home | Next >>> |
| Configuration File | Up | Services |