|
Ariel Pereira wrote:
> We have been trying to set up a LVS of transproxy but have no success.
there is some information on transparent proxy in the HOWTO section starting
http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO_1.0-12.html#ss12.2
I think your transparent proxy is probably the type used in webcaches which
is transparent web proxy (they are both called transparent proxy unfortunately).
and some info on setting up LVS squids by Andreas Koenig in
http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO_1.0-15.html
> Further testing show us a way to make the things work.
>
> We were testing with a LVS which was giving service 3128.
> In the same host we setup an ipchains rule which redirected 80 to 81 port,
> and a tproxy which redirect 81 to a Virtual IP on port 3128.
> This model never worked, for some reason de indirection or the use of the
> tproxy on the same host as the LVS doesn't work alltogether.
>
> ---------- ------------
> 80 | LVS | 3128 | RS | DOESN'T WORK
> ------->| VIP:3128 |------->| squid:3128 |
>
> | ipchains | | |
> | tproxy | | |
>
> ---------- ------------
the problem is that you are accepting packets on port 80 at the director and
the real-server is expecting packets on port 3218.
Here are some solutions and it depends a little on whether there is one IP
involved
(ie you're caching local webserver(s)) or many (you're caching the internet).
1. Ask people to make requests for that IP on 3128
2. Configure the squid to be transparent, ie to accept requests on port 80
3. use VS-NAT on the director and rewrite the ports (haven't tested this and
the rewritting will slow access, probably the opposite of what you want
in production, since the purpose of the squid is to speed access).
Joe
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
|
