
Lvs and Trans-Proxy

To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Lvs and Trans-Proxy
From: "Bikrant Neupane" <bikrant@xxxxxxxxxxxx>
Date: Thu, 23 Jun 2005 01:40:44 +0545
I am sure people have asked this question many times. After going through
all the Howto pages and searching on Google, I am still not able to do
Transparent-Proxy using squid.

This is what my setup looks like.

    <Cisco Router>
            |202.79.63.230
            |
            |
      eth0: 202.79.63.240
      <LVS Server>
   eth1: 192.168.10.1
            |
            |
            |
    eth0:192.168.10.10
     <Real Server>

The Cisco router is the gateway for the LVS server and a few more
workstations. It redirects the dst-port=80 traffic coming from the workstations to
the LVS server (with ip policy route-map proxy-redirect). I can see the
redirected traffic coming to eth0 of the LVS server. But I am still not sure
how the LVS system intercepts those packets, because the packets have a dst-IP
other than that of the LVS server.

If I telnet to 202.79.63.240 80 from a workstation I can access the proxy.
That means LVS is accepting and forwarding the packet to the Real Server when
the dst-ip is 202.79.63.240.

I have put the following rules:
>>>>>>>>
#ipvsadm -A -t 202.79.63.240:80
#ipvsadm -a -t 202.79.63.240:80 -r 192.168.10.10:80 -m

I even tried with
ipvsadm -A -t 0.0.0.0:80
ipvsadm -a -t 0.0.0.0:80 -r 192.168.10.10:80 -m
 :(

>>>>>>>>>
cat /proc/sys/net/ipv4/ip_forward
1

>>>>>>>>>>>
 # iptables -nL -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.10.0/24      0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


best regards,
Bikrant


