Mailing List Archive

DSR question
I'm confused as to how Direct Server Return works when using IPCHAINS on the
real servers like this:
ipchains -A input -j REDIRECT 80 -d virtu.a.l.IP 80 -p tcp


I see how this allows the VIP to be redirected to the local port on a server
that isn't configured with the address of the VIP... But then when the reply
goes directly to the browser, the source IP is going to be ???. Does the
application track the incoming destination address (VIP) and build the reply
packet using that IP as the source IP even though there is no interface with
that IP on the box?

I currently have DSR working in a closed environment using IPCHAINS on the
real servers, but I just don't understand why it is working...

If someone knows the answer I'd really appreciate a quick note.

Thanks,
Curtis
Re: DSR question
On Fri, 2 Mar 2001, LVS Account wrote:

> I'm confused as to how Direct Server Return works when using IPCHAINS on the
> real servers like this:
> ipchains -A input -j REDIRECT 80 -d virtu.a.l.IP 80 -p tcp
>

It is the transparent proxy feature. The Linux kernel must be compiled
with CONFIG_IP_TRANSPARENT_PROXY defined. With this feature, if the
protocol and destination address and/or port number of packets match the
REDIRECT rule, packets will be redirected to a local socket, even if the
destination address is not local.

Imagine a transparent proxy server: the destination of a web request can
be any address, such as yahoo. Those web request packets can be
redirected to the local socket, so that the web proxy server can pick up
the web requests and serve them transparently.

Regards,

Wensong

>
> I see how this allows the VIP to be redirected to the local port on a server
> that isn't configured with the address of the VIP... But then when the reply
> goes directly to the browser, the source IP is going to be ???. Does the
> application track the incoming destination address (VIP) and build the reply
> packet using that IP as the source IP even though there is no interface with
> that IP on the box?
>
> I currently have DSR working in a closed environment using IPCHAINS on the
> real servers, but I just don't understand why it is working...
>
> If someone knows the answer I'd really appreciate a quick note.
>
> Thanks,
> Curtis
>
>
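
An added example, not part of the original thread: once a packet has been delivered to a local socket as described in the reply above, the accepted TCP socket's local address is the destination the client used, and the kernel uses that address as the source of the replies, so the application itself does not have to track the VIP. Assumptions: 127.0.0.2 stands in for the VIP (Linux treats all of 127/8 as local, so no REDIRECT rule is involved here), and the function and variable names are made up for this sketch.

```python
import socket
import threading

# Assumption: loopback address standing in for the VIP. On the real servers in
# the thread the VIP is not configured locally and the REDIRECT rule delivers it.
VIP_STAND_IN = "127.0.0.2"


def serve_once(listener, seen):
    """Accept one connection and record the addresses the kernel assigned to it."""
    conn, peer = listener.accept()
    with conn:
        # Local end of the accepted socket: the destination address of the
        # client's SYN, not the wildcard address the listener was bound to.
        seen["local"] = conn.getsockname()[0]
        seen["peer"] = peer[0]
        conn.sendall(b"hello from real server\n")


def demo(target=VIP_STAND_IN):
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("0.0.0.0", 0))      # wildcard bind, ephemeral port
    listener.settimeout(5)             # do not hang if the connect fails
    listener.listen(1)
    port = listener.getsockname()[1]

    seen = {}
    worker = threading.Thread(target=serve_once, args=(listener, seen))
    worker.start()
    try:
        with socket.create_connection((target, port), timeout=5) as client:
            reply_source = client.getpeername()[0]   # address the replies come from
            data = client.recv(64)
    finally:
        worker.join()
        listener.close()

    return {"accepted_local": seen["local"],
            "reply_source": reply_source,
            "data": data}


if __name__ == "__main__":
    result = demo()
    print("server socket local address:", result["accepted_local"])
    print("client sees replies from:   ", result["reply_source"])
```
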
Re: DSR question
LVS Account wrote:
>
> I'm confused as to how Direct Server Return works when using IPCHAINS on the
> real servers like this:
> ipchains -A input -j REDIRECT 80 -d virtu.a.l.IP 80 -p tcp

There is some info on transparent proxy in the HOWTO in the section starting at

http://www.linuxvirtualserver.org/Joseph.Mack/HOWTO/LVS-HOWTO_1.0-12.html#ss12.2

Joe

--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@epa.gov ph# 919-541-0007, RTP, NC, USA