Hello,
I'm trying to implement LVS on a transparent proxy squid cache.
Director RIP: 10.142.142.9
VIP: 10.142.142.8
LVS-DR Kernel 2.4.18 ipvsadm 1.0.0 iptables-1.2.5-3 (RH 7.2)
Test Cache: RIP: 10.142.142.3
VIP: 10.142.142.8
Kernel 2.4.18 iptables-1.2.5-3 squid-2.4.STABLE5
(transparent proxying configured as indicated in
http://www.linuxdoc.org/HOWTO/mini/TransparentProxy.html)
On the director:
iptables -t mangle -A PREROUTING -i eth0 -p tcp -s 0/0 -d 0/0 --dport 80 -j MARK --set-mark 1
ipvsadm -A -f 1 -p
ipvsadm -a -f 1 -r 10.142.142.3:80 -g
On the cache:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8088
I'm using Cisco to redirect http traffic (using cookbook configs indicated
at http://www.squid-cache.org/Doc/FAQ/FAQ-17.html).
Browsing on a client workstation, if I redirect traffic straight to the
cache, it will work. If I redirect traffic to the director, it just freezes.
I can connect to the director(VIP):80 and cache(RIP):80 from the client
via telnet.
Using iptraf, I can see the client's http request going into the director,
but it does not get forwarded to the cache.
Adding the following lines on the director:
iptables -t nat -A PREROUTING -i eth0 -p tcp -d 0/0 --dport 80 -j REDIRECT --to-port 80
The request reaches the cache server but the destination has been
rewritten as VIP:80. Browsing on the client is unsuccessful.
I've seen a similar email like this on the LVS archives, but it offered no
solid solutions. Has anyone gotten this setup to work?
Should I go back to kernel 2.2.x and ipchains on the director?
Thanks,
Paul