Re: Lvs and Trans-Proxy

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Lvs and Trans-Proxy
From: "Bikrant Neupane" <bikrant@xxxxxxxxxxxx>
Date: Fri, 24 Jun 2005 20:38:33 +0545
> On Fri, 24 Jun 2005, Bikrant Neupane wrote:
>
> > TP is working now.  These two rules worked like magic for me
>
> could you write up what you did on the director and realserver(s)
> to get this to work and I'll put it in the HOWTO for the next
> poor sod.

   <cisco router>
    202.79.xx.230
       |
       |-------------------------|-----------------------|
       |                         |                       |
       |                         |                       |
 eth0: 202.79.xx.240    fxp0 202.79.xx.241        202.79.xx.235
    <Director>           <real server >             <client>
    (gw: cisco)           (gw: cisco)              (gw: cisco)

I have the director and the real server in the same subnet with public IPs.
I have the client in the same subnet, but that is not required. The client can
be anywhere in the network, but the traffic from the client should pass through
the cisco router.

Working:
* The client makes an http request.
* The cisco router redirects the http request to the Director.
* The Director then redirects the traffic to the Real Server.
* The Real Server then makes the http request. Note that the request and return
  traffic from the real server doesn't pass through the director.


Director:
Gentoo Linux with 2.6.10 Kernel

>>>>
Director Configuration:

ipvsadm -A -f 1 -s sh
ipvsadm -a -f 1 -r 202.79.xx.241:80


iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 1

# magic commands for me
ip rule add prio 100 fwmark 1 table 100
ip route add local 0/0 dev lo table 100

echo 0 >  /proc/sys/net/ipv4/ip_forward

>>>

Real server Configuration:
    Real server in my case is FreeBSD 5.3 with Squid Configured with
trans-proxy setup.
    There is nothing special about it
>>>

  IP configuration:

>>
  Director:
  eth0: 202.79.xx.240 netmask 255.255.255.0
  default gw: 202.79.xx.230
>>
  Real Server:
  eth0: 202.79.xx.241 netmask 255.255.255.0
  default gw: 202.79.xx.230
>>
  Cisco Router:
 interface Ethernet0/0
 ip address 202.79.xx.230 255.255.255.0
 ip policy route-map proxy-redirect

access-list 110
     access-list 110 deny tcp host 202.79.xx.241 any eq 80
     access-list 110 permit tcp 202.79.xx.0 0.0.0.255 any eq 80

 route-map proxy-redirect permit 10
    match ip address 110
    set ip next-hop 202.79.xx.240
>>

Please let me know if there is any confusion in the above configuration.

>
> Thanks Joe

With regards,
Bikrant
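
The director setup in this message depends on the same firewall mark appearing in three places: the ipvsadm virtual service (-f 1), the iptables MARK rule, and the ip rule that selects table 100. The following check is an added example, not part of the original post; its function names are hypothetical and the sample outputs are constructed in the formats that ipvsadm, iptables and iproute2 print.

```shell
#!/bin/sh
# Added example: checks that one firewall mark lines up across ipvsadm, the
# mangle table and policy routing. Sample outputs at the end are constructed.

to_dec() { v=${1%%/*}; if [ -n "$v" ]; then echo "$(( $v ))"; fi; }  # 0x1/0xff -> 1
ipvs_marks() { printf '%s\n' "$1" | awk '$1 == "FWM" { print $2 }'; }

mangle_marks() {   # values given to --set-mark / --set-xmark, in decimal
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++)
        if ($i == "--set-mark" || $i == "--set-xmark") print $(i + 1) }' |
    while read -r m; do to_dec "$m"; done
}

rule_table() {     # table that `ip rule show` text $1 selects for decimal mark $2
    printf '%s\n' "$1" | awk '{ m = ""; t = ""
        for (i = 1; i < NF; i++) { if ($i == "fwmark") m = $(i + 1)
                                   if ($i == "lookup") t = $(i + 1) }
        if (m != "") print m, t }' |
    while read -r m t; do
        if [ "$(to_dec "$m")" = "$2" ]; then echo "$t"; fi
    done
}

has_local_default() { printf '%s\n' "$1" | grep -Eq '^local (default|0\.0\.0\.0/0) dev lo( |$)'; }

# Args: ipvsadm -Ln, iptables -t mangle -S PREROUTING, ip rule show,
#       ip route show table T, T. Prints each mismatch; returns 1 if any.
check_director() {
    bad=0; mark=
    for mark in $(ipvs_marks "$1"); do
        mangle_marks "$2" | grep -qx "$mark" ||
            { echo "mark $mark: no MARK rule in mangle PREROUTING"; bad=1; }
        table=$(rule_table "$3" "$mark")
        [ "$table" = "$5" ] ||
            { echo "mark $mark: ip rule selects '$table', expected $5"; bad=1; }
    done
    [ -n "$mark" ] || { echo "ipvsadm has no fwmark virtual service"; bad=1; }
    has_local_default "$4" || { echo "table $5: no local default route"; bad=1; }
    return "$bad"
}

# Constructed sample outputs matching the configuration in the message
IPVS='FWM  1 sh
  -> 202.79.xx.241:80             Route   1      0          0'
MANGLE='-A PREROUTING -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x1/0xffffffff'
RULES='0:  from all lookup local
100:  from all fwmark 0x1 lookup 100'
ROUTES='local default dev lo scope host'
check_director "$IPVS" "$MANGLE" "$RULES" "$ROUTES" 100 && echo "director config consistent"
```

On a live director, pass "$(ipvsadm -Ln)", "$(iptables -t mangle -S PREROUTING)", "$(ip rule show)" and "$(ip route show table 100)" in place of the sample variables.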

