yup, using squid seems logical. but if that proxy also has the 
load-balancing router as its gateway, it is still subject to the tcp 
session quirk :-) had the same trouble when i was involved with a 
similar project incorporating another layer of vpn.

Winelfred G. Pasamba wrote:
> thanks.  i think i had some of this kind of weirdness too in pfsense
> using pf.conf manually
> to load balance without failover -- i couldn't get to the internet on
> the loadbalancing machine
> although the loadbalancing was working from the internal network.
>
> looks like ip is loadbalanced but tcp is the problem.
>
> http://www.tipsternet.com/articles/advance%20routing.htm looks helpful
> it says "Tip: Keep your router as a router. Don't start sticking
> applications and services on it. Locally generated packets may seem to
> work the same but they are exempt from certain routing logic and
> manipulations."
>
> looks like it's better to run squid in another box
>
> On Mon, Jul 6, 2009 at 3:44 PM, Alec Joseph Rivera<[email protected]> wrote:
>   
>> Winelfred G. Pasamba wrote:
>>     
>>> i've been trying this "ip route add ... equalize..." thing. sometimes
>>> it works, sometimes it doesn't.
>>>
>>>       
>> The thing with this is if you're testing from a single station you won't
>> see much. But if you have many stations, looking at the outbound routes
>> will show you that it works. It doesn't make sense for the router to
>> keep on switching gateways, even if say gateway A is unresponsive for a
>> while (not that long). It's the way IP works, it allows for delay. Trying
>> to get around this mechanism is usually not a good idea. Normal users
>> won't notice a lot of disruption on the traffic anyway if set up correctly.
>>     
>>> however failover is automatic and looks like it works. i can unplug
>>> any of the routers and after some time all the pings to different
>>> hosts work again. (dead route detection)
>>>
>>> i also see pings to google going out of routerA and pings to facebook
>>> going out of routerB, which means routes are distributed.
>>>
>>> despite successful pings i can't telnet to port 80 of google or
>>> facebook, and i wonder why?
>>>
>>>
>>>       
>> TCP Sessions are the key here and complicate the setup a bit. This is
>> related to what the target sees on the source ip of the packets. You
>> should look at netfilter's conntrack and packet mangling capability.
>>
>>     
>>> On Fri, Jul 3, 2009 at 7:22 PM, Alec Joseph Rivera<[email protected]> wrote:
>>>
>>>       
>>>> Try looking for LARTC on googs. It's got a lot of examples to help you
>>>> achieve what you want.
>>>>
>>>> Agi
>>>>
>>>> Nelson Serafica wrote:
>>>>
>>>>         
>>>>> I have 2 ISP providers (ISPA and ISPB) and I have 1 machine. The 2 ISPs
>>>>> provide a modem/router and both of them hook up on the same switch. I
>>>>> called it "PUBLIC SWITCH". My web server was connected also on the
>>>>> PUBLIC SWITCH and use ISPA provided ip address and its gateway.
>>>>>
>>>>> What I want to do is also use ISPB on the same server. I have only 2 NIC
>>>>> (1 on PUBLIC SWITCH and 1 on my private network) on my webserver. But
>>>>> since it was connected on the PUBLIC SWITCH, I can use ISPB.
>>>>>
>>>>> I put ip address provided by ISPB as virtual (ifcfg-eth0:1) and the
>>>>> metric gateway was 1. But I think this won't work as expected.
>>>>>
>>>>> Is there a way wherein I can use both ISP and their provided ip block on
>>>>> my web server (just like a router)? My client is on a tight budget and
>>>>> doesn't want to purchase another machine just for a load balancer. But
>>>>> purchasing another NIC card is ok.
>>>>>
>>>>> The OS is CentOS 5.3 with kernel 2.6.18-128.el5. Upon Googling, there is
>>>>> a patch on the kernel on how to do this but it seems old. Just asking a
>>>>> recommendation on the list who is expert to this.
>>>>>           
> _________________________________________________
> Philippine Linux Users' Group (PLUG) Mailing List
> http://lists.linux.org.ph/mailman/listinfo/plug
> Searchable Archives: http://archives.free.net.ph
>
>   
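
The source-address point raised in the thread (pings succeed but TCP to port 80 fails), as a toy model added here; it is not code from any poster. Assumptions: all addresses are constructed, per-packet alternation stands in for any mid-session gateway change, and the `conntrack` dictionary stands in for netfilter connection tracking with a saved per-connection mark.

```python
import itertools

# Constructed addresses (documentation ranges); each uplink NATs to its own IP.
UPLINKS = {"ISPA": "192.0.2.10", "ISPB": "198.51.100.20"}

class Server:
    """Remote TCP endpoint: it keys a session on the source address it sees."""

    def __init__(self):
        self.sessions = set()

    def receive(self, src_ip, src_port, flags):
        key = (src_ip, src_port)
        if flags == "SYN":
            self.sessions.add(key)
            return "SYN-ACK"
        # A non-SYN segment from an unknown source matches no session.
        return "ACK" if key in self.sessions else "RST"

class Router:
    """Toy dual-uplink NAT router; pin=True models a per-connection mark."""

    def __init__(self, pin):
        self.pin = pin
        self.rr = itertools.cycle(UPLINKS)   # stand-in for the multipath pick
        self.conntrack = {}                  # flow -> uplink chosen at first packet

    def forward(self, flow):
        if self.pin and flow in self.conntrack:
            return self.conntrack[flow]      # restore the saved choice
        uplink = next(self.rr)               # fresh routing decision
        if self.pin:
            self.conntrack[flow] = uplink    # save it for the rest of the flow
        return uplink

def run_session(pin, segments=("SYN", "ACK", "PSH", "FIN")):
    """Send one TCP flow through the router; return (uplink, reply) per segment."""
    router, server = Router(pin), Server()
    flow = ("10.0.0.5", 40000, "203.0.113.80", 80)  # constructed client flow
    trace = []
    for flags in segments:
        uplink = router.forward(flow)
        reply = server.receive(UPLINKS[uplink], flow[1], flags)
        trace.append((uplink, reply))
    return trace

if __name__ == "__main__":
    print(run_session(pin=False), run_session(pin=True), sep="\n")
```

Single-packet probes such as ping never hit the `RST` branch, which is why they look healthy while the unpinned TCP session is reset.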
