Have a look at Hogwash. It's a Snort derived packet mangler. Allen
from that project has been working on integrating it into iptables, and
some of the things he envisions will lead to the kind of features
you've got in mind, probably. It is not currently production ready,
though it is in use at some sites for intrusion prevention and detection
(but definitely not in use yet for the stuff we're talking about here).
http://hogwash.sourceforge.net/
It seems pretty interesting.
Zachariah Mully wrote:
Kjetil-
I ended up separating the services onto different IPs as I
realized that I would have to find a way to do load-balancing on URLs for
me to keep my current setup (all name-based virtual hosts). I realize that
LVS is purely an IP-based system, but is there a way to LB on URL using a
combination of software? For instance, is there anything that could examine
the HTTP request and then use fwmarks to mark a packet before it hits the
load balancer? My IP knowledge is minimal, but isn't this what some IDSes,
like Snort, are able to do?
thanks for the help all.
Zack
On 15 Sep 2001, Kjetil Torgrim Homme wrote:
Joseph Mack <mack@xxxxxxxxxxx> writes:
I haven't done this, and this is just off the top of my head, but
you could setup using fwmarks. You could give fwmark=1 to the
regular service and a persistent fwmark=2 to the other service.
hmm, I don't see why you can't do this with just a regular VIP:port
and a persistent VIP:port. The two entries in the ipvsadm table are
independent. I know you explained your situation in detail, but I
don't have the answer
This should be easy using NAT, but the OP said he used DR. I don't
think routing can care about port numbers. Perhaps an additional
IP address for each RS can do the trick.
Kjetil T.
--
Joe Cooper <joe@xxxxxxxxxxxxx>
Affordable Web Caching Proxy Appliances
http://www.swelltech.com
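As an added illustration of the fwmark approach Joseph Mack sketches above (example script, not code from anyone in the thread): the director marks packets for each VIP:port in the iptables mangle table, and ipvsadm defines one virtual service per mark, with persistence only on the second. The VIP, real-server addresses, ports and timeout are constructed placeholders. Note that this marks on port, not on URL: iptables never sees the HTTP request line, so Zack's per-URL split needs a layer-7 proxy, not just fwmarks.

```shell
#!/bin/sh
# Added example (not from the list thread): Joseph Mack's fwmark idea as
# concrete iptables + ipvsadm commands. VIP, RIPs, ports and the persistence
# timeout are constructed placeholders.
VIP=192.0.2.10          # constructed: the virtual IP both services share
RS1=192.0.2.21          # constructed: real servers (LVS-DR, so same subnet)
RS2=192.0.2.22
PLAIN_PORT=80           # regular, non-persistent service -> fwmark 1
STICKY_PORT=443         # service that needs persistence  -> fwmark 2
PERSIST_SECS=300

# Print the commands instead of running them unless APPLY=1 (needs root + ipvsadm).
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# Mark packets for VIP:port in the mangle table so IPVS can match on the mark
# rather than on VIP:port. The mark is local to the director and never leaves it.
mark_rule() {
    # $1 = port, $2 = mark
    run iptables -t mangle -A PREROUTING -d "$VIP" -p tcp --dport "$1" -j MARK --set-mark "$2"
}

# Define the IPVS virtual service keyed by fwmark and attach the real servers.
fwmark_service() {
    # $1 = mark, $2 = extra ipvsadm flags ("" or "-p <secs>" for persistence)
    run ipvsadm -A -f "$1" -s rr $2
    for rip in "$RS1" "$RS2"; do
        run ipvsadm -a -f "$1" -r "$rip" -g    # -g = direct routing (DR)
    done
}

build_all() {
    mark_rule "$PLAIN_PORT" 1
    mark_rule "$STICKY_PORT" 2
    fwmark_service 1 ""
    fwmark_service 2 "-p $PERSIST_SECS"
}

build_all
```

Run it once without APPLY to review the generated rules, then with APPLY=1 on the director to load them.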