|
I have a situation where I need to have a single $vip:$port be masked to
many ports on a backend server. Can someone help with this? Here is what I
thought would work, but didn't:
# $port = "XXXX";
# iptables -A PREROUTING -t mangle -p tcp -s 0.0.0.0/0 <http://0.0.0.0/0> -d
0.0.0.0/0 <http://0.0.0.0/0> --dport $port -j MASK --set-mask 1
# ipvsadm -A -f 1 -s nq -p 600
# ipvsadm -a -f 1 -r $backend_host -g -w 1
Further explanation:
I need clients to go to http://$vip:$port to open a webpage and $port cannot
be defined as http because this is a service node not a client web server of
which there are many defined. Once a user is logged into the web page they
click on a link that kicks off an application on it's own dynamically
generated port which can be defined in a range (5901-5908). The web applet
is the access that is really desired.
Is there a way to use a combination of fwmark to a specific port which will
in turn allow any other port access? In other words so a user can do the
following:
1. http://$vip:$port - and access a dynamic web app on a different port
2. https://$vip:$port - same thing
3. ssh -l $user -p $port $vip - ssh directly into the backend node
|
