From: "S Mohan" <smohan@vsnl.com>
To: lartc@vger.kernel.org
Subject: RE: [LARTC] Routing + Proxying
Date: Sat, 08 Mar 2003 02:23:23 +0000 [thread overview]
Message-ID: <marc-lartc-104708952429802@msgid-missing> (raw)
In-Reply-To: <marc-lartc-104704348910384@msgid-missing>
My suggestion goes as follows:
Give 2 IP addresses for your firewall and DNAT each address to a server.
Then any name resolution would resolve in a round robin fashion thus
distributing load among two servers carrying the same web content. The
firewall rules can be given as a /30 netmask thus giving 4 IPs in the
rules.
Mohan
-----Original Message-----
From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]
On Behalf Of Martin A. Brown
Sent: Friday, March 07, 2003 7:37 PM
To: A. Peter Mee
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Routing + Proxying
Hello Pete,
: I am hoping to set up a pair of web servers that sit behind a
firewall. The
: firewall will have a single live ip address and the web servers will
be
: internal. So my question is a simple one, which I doubt there is a
simple
: solution to (if any).... but that's why I'm asking. ;-)
: In a simple setup of one firewall + one web server, the firewall
would map
: port 80 to the web server's port 80.
Sure....this could be netfilter DNAT.
: Would there be a way of 'splitting' or 'load balancing' the requests
between
: the two web servers such that one of the two following scenarios is
possible
: (or any others that you can think of):
Yes.
: 1) Each web server hosts a limited number of web sites & the firewall
: intelligently distributes the packets based on the requested url to
the
: respective web server.
This would require application layer logic, i.e., a very smart
proxy....you might examine squid [1].
: 2) Each web server hosts all web sites & the firewall intelligently
: distributes whole requests to an individual web server.
You should take a look at LVS [2]. This is probably a safer and more
robust solution to the problem you outline in your first paragraph.
: I've looked into a proxy sitting on the firewall, but this seems to
: pose an additional problem: if the DNS points at the firewall as the
IP
: address for the individual web site and the proxy is sitting at that
: address, how does it know to relay the request internally (this is
the
: part that I realise is not LARTC-based).
-Martin
[1] http://www.squid-cache.org/
[2] http://www.linuxvirtualserver.org/
--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
prev parent reply other threads:[~2003-03-08 2:23 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-03-07 13:23 [LARTC] Routing + Proxying A. Peter Mee
2003-03-07 14:06 ` Martin A. Brown
2003-03-08 2:23 ` S Mohan [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-104708952429802@msgid-missing \
--to=smohan@vsnl.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.