Re: DSR question

To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: DSR question
From: Wensong Zhang <wensong@xxxxxxxxxxxx>
Date: Mon, 5 Mar 2001 20:54:13 +0800 (CST)

On Fri, 2 Mar 2001, LVS Account wrote:

> I'm confused as to how Direct Server Return works when using IPCHAINS on the
> real servers like this:
> ipchains -A input -j REDIRECT 80 -d virtu.a.l.IP 80 -p tcp
>

It is the transparent proxy feature. The Linux kernel must be compiled
with CONFIG_IP_TRANSPARENT_PROXY defined. With this feature, if the
protocol and destination address and/or port number of packets match the
REDIRECT rule, packets will be redirected to a local socket, even if the
destination address is not local.

Imagine a transparent proxy server: the destination of a web request can
be any address, such as yahoo. Those web request packets can be
redirected to the local socket, so that the web proxy server can pick up
the web requests and serve them transparently.

Regards,

Wensong

>
> I see how this allows the VIP to be redirected to the local port on a server
> that isn't configured with the address of the VIP... But then when the reply
> goes directly to the browser, the source IP is going to be ???.  Does the
> application track the incoming destination address (VIP) and build the reply
> packet using that IP as the source IP even though there is no interface with
> that IP on the box?
>
> I currently have DSR working in a closed environment using IPCHAINS on the
> real servers, but I just don't understand why it is working...
>
> If someone knows the answer I'd really appreciate a quick note.
>
> Thanks,
> Curtis