"Paul P. Pongco" wrote:
>
> Hello,
>
> Im trying to implement LVS on a transparent proxy squid cache.
> Should i go back to kernel 2.2.x and ipchains on the director??
I assume you've read the HOWTO on transparent proxy for 2.4 and how it
doesn't work for LVS anymore. The netfilter people didn't realise
there was a problem, since the 2.4 TP still works with a squid.
They weren't in a great rush to fix it and we couldn't think
of any situation that couldn't be handled with fwmark.
You aren't using TP on the director, and are using fwmark
and you should be able to get it to work. You don't need to
go back to 2.2 then.
Your iptable commands look about right, but I can't tell for sure.
> Im using cisco to redirect http traffic
I don't know what this means or how it fits in here.
>I can connect to the director(VIP):80 and cache(RIP):80 from the client
> via telnet.
what do you see when you connect? The connection should hang if packets
aren't being forwarded to the squid.
>Adding the following lines on the director:
>iptables -t nat -A PREROUTING -i eth0 -p tcp -d 0/0 --dport 80 -j REDIRECT
--to-port 80
>The request reaches the cache server but the destination has been
>rewritten as VIP:80. Browsing on the client is unsuccessful.
you have the 2.4 TP problem on the director here.
Joe
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
|