Re: [LARTC] PAT HOW to - IPTABLES
You can use squid as a reverse proxy; see cache_peer! Squid can load balance between 3 servers and cache it! Run squid on your box with the real IP. Here you can see examples (pt-br):
http://under-linux.org/7964-squid-atuando-como-proxy-reverso.html

Indunil Jayasooriya wrote:

Hi,

I have a box running with iptables and iproute2. It has 3 ethernet cards: one for the internet, another for the LAN and yet another for the DMZ.

In the DMZ zone I have 3 web servers, but I have only one real IP on my firewall.

Now, I want to forward port 80 to these 3 web servers.

How can I do it? I searched a lot on Google. But, still no luck.

--
Thank you
Indunil Jayasooriya

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

--
Sds.
Alexandre Jeronimo Correa
Onda Internet - http://www.ondainternet.com.br
OPinguim Hosting - http://www.opinguim.net
Linux User ID #142329
UNOTEL S/A - http://www.unotel.com.br
Re: [LARTC] Prioritizing based on HTTP Content-Type header
You can use the STRING + CONSAVE modules! Mark packets... because string matches only the starter packet, the other packets from the same connection aren't marked. CONSAVE can track this:

    -j CONNMARK --restore-mark
    -m string --string 'string' --algo bm -j MARK --set-mark 1
    -m string --string 'string2' --algo bm -j MARK --set-mark 2
    -m mark --mark 1 -j CONNMARK --save-mark
    -m mark --mark 2 -j CONNMARK --save-mark

Michael Alger wrote:

I'm setting up a reverse-proxy on a limited-bandwidth pipe. The system is Debian etch on Linux 2.6, using squid as the proxy.

As we've only got 5mbit to play with, what I'd really like to do is set up priority levels based on the Content-Type of the (outgoing) response:

1. text/* gets highest priority (along with application/x-javascript).
2. image/* gets middle priority.
3. */* gets lowest priority.

Today I tried just using tc, with netfilter's string match module to select matching packets, with limited success: while it does match the packet containing the response header, additional packets in the same stream don't retain the fwmark (unsurprisingly).

Does anyone have any ideas of -- or even better, experience with -- a stack which can achieve this? squid's built-in rate limiting doesn't have the concept of borrowing bandwidth, so that's out. I'm open to pretty much anything: userspace proxies (either in front of or replacing squid) are fine.

Another option is simply to punish bandwidth hogs: the primary goal is to ensure downloads of large files don't slow down users that are browsing webpages. Possibly just using SFQ will work for this, but I'm not sure.

Any suggestions would be appreciated. I'm even open to changing platform (e.g. FreeBSD), but I'd prefer to stick with Debian as it's what I'm most comfortable with.

--
Sds.
Alexandre J. Correa
Onda Internet
www.ondainternet.com.br
Linux User ID #142329
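
The marking scheme from the reply above, written out as a complete rule set in evaluation order. This is an added example, not part of the original thread: the mangle/OUTPUT chain, the source-port-80 selector, the Content-Type strings and the `-m mark --mark 0` guard are assumptions chosen to fit the question, and the script only prints the commands.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: the proxy runs on this
# box, so its responses traverse mangle/OUTPUT with TCP source port 80;
# marks 1 and 2 are picked up by tc "fw" filters configured elsewhere;
# unmarked traffic (mark 0) falls into the lowest-priority class.

CHAIN="OUTPUT"
BASE="iptables -t mangle -A $CHAIN -p tcp --sport 80"

# mark|string pairs following the priority list in the question.
CLASSES='1|Content-Type: text/
1|Content-Type: application/x-javascript
2|Content-Type: image/'

# Print the rule set in evaluation order; nothing is applied here.
gen_rules() {
    # 1. Copy the mark saved on the connection (if any) onto this packet.
    echo "$BASE -j CONNMARK --restore-mark"
    # 2. Only packets of still-unclassified connections are searched, so
    #    a matching string in a later body cannot re-classify the flow.
    printf '%s\n' "$CLASSES" | while IFS='|' read -r mark pattern; do
        echo "$BASE -m mark --mark 0 -m string --string '$pattern' --algo bm -j MARK --set-mark $mark"
    done
    # 3. Store a newly set mark on the connection for step 1 to restore.
    echo "$BASE -m mark ! --mark 0 -j CONNMARK --save-mark"
}

gen_rules
```

Review the printed commands, then pipe them to `sh` as root to load them. With HTTP keep-alive, the first classified response decides the mark for every later response on the same connection.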
[LARTC] 2 links web going out by link1.. rest by link2
Hello!

On my Linux gateway I have 2 ADSL connections.

How do I make traffic that leaves to port 80 go out on link1 and the remaining traffic go out on link2?

Without marking packets with iptables... is it possible?!

Thanks!

--
Sds.
Alexandre J. Correa
Onda Internet
www.ondainternet.com.br
Linux User ID #142329
Re: [LARTC] Routed network + web-cache
Nataniel,

www.balabit.com/downloads/tproxy/linux-2.6/

patch squid, kernel and iptables!

Sds.
Alexandre J Correa
Onda Internet / OPinguim.net Webhosting
www.ondainternet.com.br
www.opinguim.net

Adorean Alexandru Raul wrote:

Nataniel Klug wrote:

Hello all,

I have a small ISP and I work all my clients' networks over a routed network (now I am using 201.35.16.0/24 and 200.140.222.128/25 for my clients). The gateway server of the ISP is capable of running a web-cache (only http) using squid, but I don't want my clients to go to the internet with the proxy/cache IP. Like when they enter this site, www.meuip.com.br, it shows only the proxy/gw server IP and not the client IP. Is there some way to make this happen?

Att,
Nataniel Klug

Yelow.

From what I know about squid it can't be done. You are stuck, because the proxy makes the request, not the client, thus you have the proxy server IP. Some pages use a TCP header to recognise the IP behind the proxy server (X_FORWARDED_FOR I believe..)

Good luck,
Adorean Alexandru Raul