On Thu, 10 Jan 2008, Raphael Vallazza wrote:
Hello,
i wrote a very simple patch for ipvs that enables a kernel config option that
allows to choose where IPVS intercepts incoming connections. These are the
options:
- LOCAL_IN (default: works as usual)
- PRE_ROUTING (puts LVS input right after the mangle PREROUTING and before
the nat PREROUTING chain)
neat. I thought it was hard enough to move that it wouldn't
be just an option :-)
By selecting the PRE_ROUTING option transparent proxying is possible (i've
tried in DR and NAT mode), because packets are sent to real servers before
NAT, this way the realserver can do a DNAT/REDIRECT etc. to send the packets
to the proxy application. This also works for the localnode, because packets
go thru the PREROUTING after LVS, and ther could be DNATed/REDIRECTed.
great.
what we'd really like is ipvs hooked into the FORWARD chain.
Can you do this too?
I tried it on some test boxes and it seems to work pretty well, i'll do some
stress testing in the next few days. I could send you a setup example if you
like...
yes please
Thanks Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
-
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
