setting up firewall rules for Web app
on 04.12.2007 09:33:22 by hassan
Say I have 4 servers (Server1-4) with different IP addresses that are supposed
to run www.mysite.com and these 4 web servers will be load balanced by a
software running on a 5th server say Server5.
I have a public IP, a DNS name, my port 80 is open on all the 4 servers.
I believe I need to open port 80 on the firewall right ?
Now how do I let the firewall know that it has to go to the load balancer
first which will then round robin to those 4 Web Servers.
Do I have to stick in the private IP addresses of these Web Servers in the
firewall ? If so, how do I set them up ?
Thanks
Re: setting up firewall rules for Web app
on 04.12.2007 12:30:45 by David Wang
On Dec 4, 12:33 am, "Hassan" wrote:
> Say I have 4 servers (Server1-4) with different IP addresses that are supposed
> to run www.mysite.com and these 4 web servers will be load balanced by a
> software running on a 5th server say Server5.
>
> I have a public IP, a DNS name, my port 80 is open on all the 4 servers.
>
> I believe I need to open port 80 on the firewall right ?
Not really. You need *an* open port on the 4 servers. Not necessarily
port 80, but 80 is convenient.
> Now how do I let the firewall know that it has to go to the load balancer
> first which will then round robin to those 4 Web Servers.
> Do I have to stick in the private IP addresses of these Web Servers in the
> firewall ? If so, how do I set them up ?
You don't let the Firewall know about any of these things.
Firewalls allow/deny traffic, not route traffic. You are talking about
port-forwarding and NAT behavior.
You have to:
1. Tell the NAT to forward all incoming requests for www.mysite.com to
the load balancer on server #5
2. Tell server #5 to spread incoming traffic for www.mysite.com to the
other four servers by IP:Port:Host, depending on the load-balancer's
abilities
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
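The request path described in the reply above (the firewall only allows or denies, the NAT port-forwards to Server5, the load balancer round-robins to Server1-4 by IP:Port:Host), modelled as an added Python example that is not part of the thread. All addresses, the backend port 8080 and every function name are constructed for illustration, and opening public port 80 on the firewall is an assumption.

```python
from dataclasses import dataclass, replace
from itertools import cycle

# Constructed addresses (documentation and private ranges), not from the thread.
PUBLIC_IP = "203.0.113.10"
LB = ("10.0.0.5", 80)                                      # Server5
BACKENDS = [(f"10.0.0.{n}", 8080) for n in (1, 2, 3, 4)]   # Server1-4, not on port 80

@dataclass(frozen=True)
class Packet:
    src: str
    dst_ip: str
    dst_port: int
    host: str = ""

# Firewall: allow/deny only. First match wins, anything unmatched is denied.
FIREWALL_RULES = [(PUBLIC_IP, 80, "allow")]

def firewall(pkt):
    for ip, port, action in FIREWALL_RULES:
        if (pkt.dst_ip, pkt.dst_port) == (ip, port):
            return action == "allow"
    return False

# NAT: port-forwarding table, (public ip, port) -> (private ip, port).
PORT_FORWARDS = {(PUBLIC_IP, 80): LB}

def nat(pkt):
    target = PORT_FORWARDS.get((pkt.dst_ip, pkt.dst_port))
    return replace(pkt, dst_ip=target[0], dst_port=target[1]) if target else None

class LoadBalancer:
    """Round-robin over the backends for one site, matched on the Host header."""
    def __init__(self, site, backends):
        self.site = site
        self._next = cycle(backends)

    def pick(self, pkt):
        if pkt.host.lower() != self.site:
            return None            # not a request for this site
        return next(self._next)

def deliver(pkt, lb):
    """Return the (ip, port) of the web server that gets pkt, or None if dropped."""
    if not firewall(pkt):
        return None
    forwarded = nat(pkt)
    return lb.pick(forwarded) if forwarded else None
```

In this model the firewall never mentions the private addresses of Server1-4: only the NAT table and the load balancer know them, and a packet addressed straight to a backend is dropped by the default deny.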
Re: setting up firewall rules for Web app
on 05.12.2007 05:50:53 by hassan
So I open up port 80 or as you said *a* port on the 4 Web Servers.
Does that mean I need to open up port 80 on the firewall too for all the
incoming traffic to www.mysite.com ? I would think so... but also not sure..
"David Wang" wrote in message
news:ce5e9921-846b-4847-9fc3-ed8bd5c56a86@s8g2000prg.googlegroups.com...
> On Dec 4, 12:33 am, "Hassan" wrote:
>> Say I have 4 servers (Server1-4) with different IP addresses that are
>> supposed
>> to run www.mysite.com and these 4 web servers will be load balanced by a
>> software running on a 5th server say Server5.
>>
>> I have a public IP, a DNS name, my port 80 is open on all the 4 servers.
>>
>> I believe I need to open port 80 on the firewall right ?
> Not really. You need *an* open port on the 4 servers. Not necessarily
> port 80, but 80 is convenient.
>
>> Now how do I let the firewall know that it has to go to the load balancer
>> first which will then round robin to those 4 Web Servers.
>> Do I have to stick in the private IP addresses of these Web Servers in
>> the
>> firewall ? If so, how do I set them up ?
>
> You don't let the Firewall know about any of these things.
> Firewalls allow/deny traffic, not route traffic. You are talking about
> port-forwarding and NAT behavior.
>
> You have to:
> 1. Tell the NAT to forward all incoming requests for www.mysite.com to
> the load balancer on server #5
> 2. Tell server #5 to spread incoming traffic for www.mysite.com to the
> other four servers by IP:Port:Host, depending on the load-balancer's
> abilities
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //