
Re: Lvs and Trans-Proxy

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: Lvs and Trans-Proxy
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Thu, 23 Jun 2005 07:45:42 -0700 (PDT)

My problem is exactly the same as what this user http://www.in-addr.de/pipermail/lvs-users/2002-March/005097.html is trying to do. But it seems he couldn't do it either.

My new setup is like this:

          <cisco router>
          202.79.63.230 -----------+
                |                  |
                |                  |
   eth0  202.79.63.240             |
          <LVS server>             |
   eth1  192.168.10.1              |
                |                  |
                |                  |
   fxp0  192.168.10.10             |
          <real server>            |
   fxp1  202.79.63.241             |
                |                  |
                |__________________|

do you have tabs in here? I can't read it. Try it with just blanks.

Lvs Server is Gentoo with Kernel 2.6.12 and ipvsadm v1.24

>>> On LVS

on the director

# ipvsadm -A -f 2
# ipvsadm -a -f 2 -r 192.168.10.10
  (also tried with: ipvsadm -a -f 2 -r 202.79.63.241)

# iptables -t mangle -I PREROUTING -p tcp --dport 80 -j MARK --set-mark 2

# sysctl -a | grep ip_forward
net.ipv4.ip_forward = 1
>>>

Real server is on FreeBSD 5.3 with Trans proxy configured. This was tested by redirecting HTTP traffic from the Cisco router to the real server directly. This means there is no TP configuration issue on the real server.

I noticed that the LVS started forwarding packets to the real server only after I added this rule on the LVS server:

# iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT

I'm out of my depth here. Everyone had squids working with
2.4 kernels. I don't know whether there are bugs in 2.6
or I've forgotten how people did it. I need to add
the stuff about fwmarks to the HOWTO.

Tcpdump analysis showed that the LVS system changes the destination IP to the VIP when redirecting traffic to the real server.

hmm this isn't good.

And the real server replies back with the VIP address as its source. For that reason I added another interface on the real server and routed return traffic to the client via the new interface.

"The reply packet can get to the client but it doesn't work, since the client is getting a reply from a different server than the one to which it sent its request."

If the LVS server changes the source IP of the return packet to that of the host to which the client sent its request, then TP should work.

this is getting really complicated. We need a squid person
to answer this

> >  # iptables -nL -t nat
> >
> > Chain POSTROUTING (policy ACCEPT)
> > target     prot opt source               destination
> > MASQUERADE  all  --  192.168.10.0/24      0.0.0.0/0
>
> why do you do this? You don't need an iptables rules to make
> an LVS work.

did I miss the answer here?

Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml Homepage http://www.austintek.com/ It's GNU/Linux!
