Hi,
> So the client is going to 12.34.56.78:80 & 12.34.56.78:443 you want to
> redirect them internally to 10.0.0.1:5678 & 10.0.0.1:5679 respectively?
> This can be done with a combination of LVS, fwmark and iptables DNAT
>
> First step is to mark the packets with a fwmark
>
> iptables -t mangle -A PREROUTING -d 12.34.56.78/255.255.255.255 -i eth0 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x1
> iptables -t mangle -A PREROUTING -d 12.34.56.78/255.255.255.255 -i eth0 -p tcp -m tcp --dport 443 -j MARK --set-mark 0x1
>
> Second step is to change the destination port to the correct port using
> DNAT
>
> iptables -t nat -A PREROUTING -d 12.34.56.78/255.255.255.255 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 12.34.56.78:5678
> iptables -t nat -A PREROUTING -d 12.34.56.78/255.255.255.255 -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 12.34.56.78:5679
>
> Third step is to load balance based off of the fwmark with persistence.
>
> ipvsadm -A -f 1 -s wlc -p 600
> ipvsadm -a -f 1 -r 10.0.0.1:0 -g -w 1
> ipvsadm -a -f 1 -r 10.0.0.2:0 -g -w 1
>
>
> This is all off the top of my head but it should work. Step two might
> be an issue because the iptables docs say the nat table only picks up
> socket creation packets (aka SYN packets).
If it works this way, then Transparent proxy + LVS with Director should work in
2.4.x (iptables based). Has anyone tested it?
Horm, what's your opinion?
Faruk
----------------------------------------------------------
This mail sent through AIT WebMail : http://www.ait.ac.th/
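The three steps from the quoted mail, collected into one reviewable script as an added example (this is not code from the thread or from the LVS project). The VIP, interface, ports and real servers are the ones quoted above; the function names, the APPLY switch and the dry-run behaviour are assumptions of this example.

```shell
#!/bin/sh
# Added example: generate (or, with APPLY=1, execute) the fwmark + DNAT + LVS
# rule set for one VIP. Without APPLY=1 the commands are only printed, so the
# rule set can be reviewed before it touches a live director.

VIP=12.34.56.78
IFACE=eth0
MARK=1                       # same mark as 0x1 in the mail; shared by 80 and 443
PERSIST=600                  # seconds; one fwmark service => one persistence table
REAL_SERVERS="10.0.0.1 10.0.0.2"

# emit prints a command, or runs it when APPLY=1 (hypothetical helper).
emit() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$@"; fi
}

# mark_and_dnat <public port> <internal port>
# mangle PREROUTING runs before nat PREROUTING, so both rules match the public
# port; the mark is set first and LVS then sees the DNAT'ed internal port.
mark_and_dnat() {
    emit iptables -t mangle -A PREROUTING -d "$VIP"/32 -i "$IFACE" \
        -p tcp -m tcp --dport "$1" -j MARK --set-mark "$MARK"
    emit iptables -t nat -A PREROUTING -d "$VIP"/32 -i "$IFACE" \
        -p tcp -m tcp --dport "$1" -j DNAT --to-destination "$VIP:$2"
}

# lvs_service: -A adds the fwmark virtual service, -a adds each real server in
# direct-routing (-g) mode; port 0 keeps whatever port DNAT assigned.
lvs_service() {
    emit ipvsadm -A -f "$MARK" -s wlc -p "$PERSIST"
    for rs in $REAL_SERVERS; do
        emit ipvsadm -a -f "$MARK" -r "$rs":0 -g -w 1
    done
}

build_rules() {
    mark_and_dnat 80 5678
    mark_and_dnat 443 5679
    lvs_service
}

build_rules
```

Run it once without APPLY to inspect the seven generated commands, then with `APPLY=1` on the director.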