
RE: I need for setting up one to many ports

To: "'LinuxVirtualServer.org users mailing list.'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: I need for setting up one to many ports
From: "Brad Hudson" <brad.hudson@xxxxxxxxx>
Date: Tue, 1 Nov 2005 07:57:57 -0600

Here is the scenario:

$cip = client ip
$vip = virtual ip
$vport = virtual port
$node = real server
* = any port

Steps:
1.  $cip -> $vip:$vport -> $node:* (client connects to the virtual ip and
port and is routed to the real-server with persistence via whatever method
the client used to connect <ssh, http, telnet, etc.>)

2.  $node:* -> $vip:$vport -> $cip (real-server then accepts the connection
<ssh, telnet, http, etc.> and does what it should then responds back through
the virtual ip and port back to the client)

Does this help?

-----Original Message-----
From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Horms
Sent: Monday, October 31, 2005 9:27 PM
To: LinuxVirtualServer.org users mailing list.
Subject: Re: I need for setting up one to many ports

On Mon, Oct 31, 2005 at 03:54:53PM -0600, Brad Hudson wrote:
> I have a situation where I need to have a single $vip:$port be masked to
> many ports on a backend server. Can someone help with this? Here is what I
> thought would work, but didn't:
> # $port = "XXXX";
> # iptables -A PREROUTING -t mangle -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 --dport $port -j MASK --set-mask 1
> # ipvsadm -A -f 1 -s nq -p 600
> # ipvsadm -a -f 1 -r $backend_host -g -w 1
> 
> Further explanation:
> I need clients to go to http://$vip:$port to open a webpage and $port cannot
> be defined as http because this is a service node not a client web server of
> which there are many defined. Once a user is logged into the web page they
> click on a link that kicks off an application on its own dynamically
> generated port which can be defined in a range (5901-5908). The web applet
> is the access that is really desired.
> 
> Is there a way to use a combination of fwmark to a specific port which will
> in turn allow any other port access? In other words so a user can do the
> following:
> 
> 1. http://$vip:$port - and access a dynamic web app on a different port
> 2. https://$vip:$port - same thing
> 3. ssh -l $user -p $port $vip - ssh directly into the backend node

I am sorry but I am confused. When a client connects to port X,
should they be sent to port X on the real-server, or is
there some mapping to turn X into Y? Perhaps an example would help.

-- 
Horms

