Hello (sorry for cross posting, but my problem involves both)
Setup:
             +--| SQUID1 |----
             |
             +--| SQUID2 |----
             |
---| LVS |---+--| SQUID3 |----
             |
             +--| SQUID4 |----
As you can see, I'm trying to emulate a Foundry L4. 8)
>> LVS is configured as the default route of a terminal server.
>> Naturally, LVS should implement transparent proxying via:
-t mangle -A PREROUTING -p tcp -s ! 202.181.160.21/32 --dport 80 -j MARK --set-mark 3
-t nat -A PREROUTING -p tcp -s ! 202.181.160.21/32 -d 0/0 --dport 80 -j REDIRECT --to-port 80
>> LVS has 2 IPs:
202.181.160.11, the primary IP
202.181.160.12, the LVS VIP
>> LVS is configured to load balance (via dh) the 4 squid servers beneath it.
---- ipvsadm ------------------------------------
-A -f 3 -s dh
-a -f 3 -r 192.168.254.1:80 -g -w 1
-a -f 3 -r 192.168.254.2:80 -g -w 1
-a -f 3 -r 192.168.254.3:80 -g -w 1
-a -f 3 -r 192.168.254.4:80 -g -w 1
-A -t 202.181.160.12:80 -s dh
-a -t 202.181.160.12:80 -r 192.168.254.1:80 -g -w 1
-a -t 202.181.160.12:80 -r 192.168.254.2:80 -g -w 1
-a -t 202.181.160.12:80 -r 192.168.254.3:80 -g -w 1
-a -t 202.181.160.12:80 -r 192.168.254.4:80 -g -w 1
---- ipvsadm ------------------------------------
>>> All squid servers have dual IPs, one private, the other public
>>> All squid servers are configured for transparent proxy running:
-t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
and in squid.conf
-----------------------------------
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
-----------------------------------
And true enough, if I:
telnet SQUID1 80, I get the response of the squid server.
telnet LVS 80, I get the response of one of the squid servers.
However, if I pass a packet through LVS from another box whose default
gateway is the LVS box, I get a:
IPVS connection entries
pro expire state source virtual destination
TCP 00:57.49 SYN_RECV 202.181.160.6:32782 202.181.160.11:80 192.168.254.1:80
and it just stops there, at SYN_RECV.
Ideas? What am I exactly doing wrong?
iptables 1.2.4
ipvsadm 0.9.3
kernel 2.4.16
ian
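
Added example, not part of the original post: a small Python check that reads the ipvsadm rules and the connection listing quoted above and reports, for each entry stuck in SYN_RECV, which virtual service scheduled it. The function names are hypothetical; the rule and connection lines are the ones from the post.

```python
import re

# ipvsadm rules and the connection entry, copied from the post above.
RULES = """\
-A -f 3 -s dh
-a -f 3 -r 192.168.254.1:80 -g -w 1
-a -f 3 -r 192.168.254.2:80 -g -w 1
-a -f 3 -r 192.168.254.3:80 -g -w 1
-a -f 3 -r 192.168.254.4:80 -g -w 1
-A -t 202.181.160.12:80 -s dh
-a -t 202.181.160.12:80 -r 192.168.254.1:80 -g -w 1
-a -t 202.181.160.12:80 -r 192.168.254.2:80 -g -w 1
-a -t 202.181.160.12:80 -r 192.168.254.3:80 -g -w 1
-a -t 202.181.160.12:80 -r 192.168.254.4:80 -g -w 1
"""
CONNS = """\
pro expire state source virtual destination
TCP 00:57.49 SYN_RECV 202.181.160.6:32782 202.181.160.11:80 192.168.254.1:80
"""

def parse_services(rules):
    """Map each virtual service, ('-f', mark) or ('-t', ip:port), to its real servers."""
    services = {}
    for m in re.finditer(r"^-([Aa]) (-[ft]) (\S+)(?:.* -r (\S+))?", rules, re.M):
        op, kind, svc, real = m.groups()
        reals = services.setdefault((kind, svc), [])
        if op == "a" and real:
            reals.append(real)
    return services

def stalled_handshakes(conns, services):
    """Return (source, virtual, real, matched_service) for SYN_RECV entries."""
    out = []
    for f in (line.split() for line in conns.splitlines()):
        if len(f) != 6 or f[2] != "SYN_RECV":
            continue
        src, virt, real = f[3:]
        if ("-t", virt) in services:
            how = "-t " + virt
        else:
            # No -t service owns this address: only a fwmark service can have matched.
            marks = [s for (k, s), r in services.items() if k == "-f" and real in r]
            how = "-f " + ",".join(marks) if marks else "unknown"
        out.append((src, virt, real, how))
    return out

if __name__ == "__main__":
    for row in stalled_handshakes(CONNS, parse_services(RULES)):
        print("%s -> %s stuck in SYN_RECV, real server %s, matched by service %s" % row)
```

For the entry in the post, the virtual address is the director's primary IP rather than the VIP, so the check attributes it to the fwmark 3 service and not to the -t 202.181.160.12:80 service.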