Re: [PATCH] Transparent proxy support for LVS with localnode and realser

To:	LVS Devel <lvs-devel@xxxxxxxxxxxxxxx>
Subject:	Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING) (fwd)
From:	Joseph Mack NA3T <jmack@xxxxxxxx>
Date:	Thu, 10 Jan 2008 06:51:42 -0800 (PST)

Hi Raphael,

I didn't see lvs-devel on the cc list. Hope youdon't mind if I forward this.


Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

---------- Forwarded message ----------
Date: Thu, 10 Jan 2008 15:14:23 +0100
From: Raphael Vallazza <raphael@xxxxxxxxxx>
To: Joseph Mack NA3T <jmack@xxxxxxxx>
Subject: Re: [PATCH] Transparent proxy support for LVS with localnode and
    realservers (WORKING)

Hello,

i wrote a very simple patch for ipvs that enables a kernel config optionthat allows to choose where IPVS intercepts incoming connections. These arethe options:
- LOCAL_IN (default: works as usual)
- PRE_ROUTING (puts LVS input right after the mangle PREROUTING and beforethe nat PREROUTING chain)
neat. I thought it was hard enough to move that it wouldn't be just an option:-)


Hehe, yes, it was pretty easy ;)

what we'd really like is ipvs hooked into the FORWARD chain. Can you do thistoo?

To be honest i don't understand the reason for hooking LVS into the FORWARDchain, because this way it would not get the LOCAL_IN traffic and at the sametime it would have the same NAT problem as with the LOCAL_IN hook. Maybe i'mmissing something, but it seems that PREROUTING is the best point for LVS toact like a real router, because it gets packets that haven't been NATed yet.The only negative thing is that traffic can't be filtered in a regular way, butusing fwmark and the mangle table the user can select the traffic that has tobe handled by LVS.

If you like i can also add this option, but i'm not sure if it's really useful:)

I tried it on some test boxes and it seems to work pretty well, i'll do somestress testing in the next few days. I could send you a setup example if youlike...
yes please



Ok, i'll try to write a short document/example ASAP.

Bye,
Raphael

--

:: e n d i a n
:: open source - open minds

:: raphael vallazza
:: phone +39 0471 631763  :: fax +39 0471 631764
:: http://www.endian.com  :: raphael (AT) endian.com
-
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING) (fwd), Joseph Mack NA3T <= Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING) (fwd), Joseph Mack NA3T Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING) (fwd), Raphael Vallazza Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING) (fwd), Joseph Mack NA3T Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING) (fwd), Raphael Vallazza Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING) (fwd), Joseph Mack NA3T

Previous by Date:	Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING), Raphael Vallazza
Next by Date:	Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING) (fwd), Joseph Mack NA3T
Previous by Thread:	[PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING), Raphael Vallazza
Next by Thread:	Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING) (fwd), Joseph Mack NA3T
Indexes:	[Date] [Thread] [Top] [All Lists]