hi everybody,

i have been investigating how vs will fit with ipchains. the very simplest
way to work with ipchains is to add a new target value, say VIRT, for
rules to the existing values (currently ACCEPT, DENY, REJECT, MASQ, REDIR,
and RETURN).

the existing ipchains utility could be used to set up virtual servers:

1. create a user-defined chain with one rule per server and make each rule
   use the VIRT target.
2. create a rule in the input chain that watches for SYN TCP packets on
   the ports of interest and directs such packets to the user-defined chain.

the existing ipchains implementation will catch setup packets and send
them to the user-defined chain. the first rule will match and then the
VIRT code kicks in: it will arbitrarily choose one of the servers in the
chain, set a masq entry accordingly, and ACCEPT the packet so it passes
past the input chain and gets demasq'd to the appropriate server.

what do you think?

Brad
brad@xxxxxxx | http:/www.pht.com/~brad/
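
The packet flow proposed in the message above, as an added Python sketch that is not part of the original post and is not ipchains code. The `Director` class, its method names and the sample addresses are hypothetical, and reusing the existing masq entry for a retransmitted SYN is an assumption the message does not state.

```python
import random

class Director:
    """Toy model of the proposed flow: input chain -> VIRT -> masq table."""

    def __init__(self, servers, ports, seed=None):
        self.vs_chain = list(servers)   # user-defined chain: one VIRT rule per server
        self.ports = set(ports)         # ports watched by the input-chain rule
        self.masq = {}                  # (client ip, client port, dst port) -> server
        self.rng = random.Random(seed)

    def virt(self, key):
        # Assumption: a retransmitted SYN reuses the existing entry rather
        # than picking again, so one connection never spans two servers.
        if key not in self.masq:
            self.masq[key] = self.rng.choice(self.vs_chain)  # "arbitrarily choose"
        return "ACCEPT"

    def handle(self, src, sport, dport, syn=False, ack=False):
        """Return the real server the packet is forwarded to, or None."""
        key = (src, sport, dport)
        # Input-chain rule: only connection-setup packets (SYN without ACK)
        # on a virtual port are sent to the user-defined chain.
        if dport in self.ports and syn and not ack:
            self.virt(key)
        # After the input chain, demasquerading consults the masq table;
        # packets with no entry are not forwarded to any real server.
        return self.masq.get(key)

def demo():
    # Constructed sample addresses and ports, for illustration only.
    d = Director(["10.0.0.11", "10.0.0.12", "10.0.0.13"], ports={80}, seed=1)
    first = d.handle("192.0.2.7", 40000, 80, syn=True)
    return {
        "first": first,
        "data": d.handle("192.0.2.7", 40000, 80, ack=True),
        "syn_retransmit": d.handle("192.0.2.7", 40000, 80, syn=True),
        "stray_ack": d.handle("192.0.2.9", 40001, 80, ack=True),
        "other_port": d.handle("192.0.2.7", 40002, 22, syn=True),
        "entries": len(d.masq),
    }

if __name__ == "__main__":
    print(demo())
```

The `stray_ack` case shows that a non-SYN packet with no masq entry never reaches a real server, because the input-chain rule matches setup packets only.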