-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
|>What I want to accomplish:
|>
|>I want to be able to redirect all client http, ftp, real, winmedia,
|>nntp, and quicktime traffic to a netapp netcache acting as
|>a transparent
|>caching proxy for these protocols. The netcache does IP
|>spoofing, so I
|>want to make sure that the client IP is passed to the
|>cache so that the
|>origin server will see that IP in the request.
|>
|>Here is my intended network layout:
|>
|>Net
|>^
|>Linux Box -> cache
|>^
|>Clients
|
|
|
| how does the cache machine get its pages etc from the internet?
| via the Linux box?
|
|
Yes. The Linux box is the router as well. I was thinking about this a
bit more, and I'm not tied to the network layout I had presented in my
original post at all. I could also do something like this which I would
assume would be much easier:
~ Net
~ |
~ Linux Box (router)
~ |
- ------Switch------
~ | |
Clients Cache
|>Where I'm at:
|>I understand that the 2.2 kernel series made this sort of thing
|>relatively easy, but this is not the case with the 2.4 and
|>2.6 kernels.
|
|
| yes.
|
But there are workarounds are there not? This is where I got lost in
the available documentation.
|
|>I think that I need to apply a fwmark to packets coming in
|>on the client
|>interface destined for port 80 etc and then route those
|>packets to the
|>localhost on which the LVS director is listening and the
|>director will
|>forward the request using the NAT method to the cache. Is
|>this correct?
|>~ Does anyone have a similar setup that would be willing
|>to share some
|>config details?
|
|
| LVS is for loadbalancing ie you have multiple servers. Here you
| only have one cache box, so you don't need LVS.
|
I am aware that LVS' primary use is as a load balancer, but I also
thought that it could behave much the way commercial L4 switches do. My
hope was that I could direct traffic to the cache, but if the cache
fails, the traffic will go straight to the net instead. For this reason
policy routing did not appear as attractive. If LVS is not the tool for
this. and it appears it may not be, would you or anyone else on this
list recommend an alternative?
- --
Mason Schmitt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCMIsKbip6upg8pq8RAl8eAJ92TEtrnyDtww98IWBsfYYs4ueTXgCfQour
kUL9LcMJf0TUpkOojq0ZxK4=
=Wjz7
-----END PGP SIGNATURE-----
|