To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Interception / redirection of traffic to transparent web cache (not squid)
From: Mason Schmitt <mason.schmitt@xxxxxxxxxxx>
Date: Wed, 09 Mar 2005 11:02:09 -0800

Hello all,

First, I have attempted to understand the how-to and how it applies to
me; failing that, I have looked through the mailing list archives and
found what I thought were answers to my problem, but I'm still no
further ahead.  Any help anyone can provide would be much appreciated.

What I want to accomplish:

I want to be able to redirect all client http, ftp, real, winmedia,
nntp, and quicktime traffic to a netapp netcache acting as a transparent
caching proxy for these protocols.  The netcache does IP spoofing, so I
want to make sure that the client IP is passed to the cache so that the
origin server will see that IP in the request.

Here is my intended network layout:

Net
^
Linux Box -> cache
^
Clients

The Linux box is a firewall running Mandrake 10.0 with a 2.6 kernel with
iptables, lvs, fwmark etc compiled as modules.  I have been using
shorewall as the firewall script generator for this box.  As you can see
I have three interfaces with routing happening between each interface
(no bridging between the client interface and the cache interface).

The cache is a Netapp NetCache 2100 - i.e. not squid.  However, it
accepts connections on port 3128 just like squid.


Where I'm at:
I understand that the 2.2 kernel series made this sort of thing
relatively easy, but this is not the case with the 2.4 and 2.6 kernels.

I think that I need to apply a fwmark to packets coming in on the client
interface destined for port 80 etc and then route those packets to the
localhost on which the LVS director is listening and the director will
forward the request using the NAT method to the cache.  Is this correct?
Does anyone have a similar setup that would be willing to share some
config details?

Thank you to anyone that is able to point me in the right direction.

--
Mason Schmitt
