[ale] iptables redirect IP

Jim Kinney jim.kinney at gmail.com
Wed Jan 14 18:01:47 EST 2015 

On Wed, 2015-01-14 at 17:45 -0500, Chris Fowler wrote:
> RackSpace burnt me last night with a failed drive in a RAID on one of
> their hosts.  We were down 1.5 hours.
> 
> 
> In respsonse I brought up a guest at Digital Ocean and it is now
> slaving off the RS guest.  If RS goes down again I'll just promote
> it to master.
> 
> 
> 
> 
> This does not solve the problem of my users going to a web address
> that points to RS.  I can't change the DNS fast enough so I'm thinking
> I could use iptables to redirect their connection to the correct site.
> 
> 
> Failover will be automated, but human initiated.  One of the tasks
> will be to delete an iptables rule and apply another.  The system they
> will go to
> is at Norcross Peak 10.  The RS system is in Chicago and Digital Ocean
> in San Fran.  Each system has a public IP address and not on the same
> lan.
> 
> 
> I've done this before as pranks, but looking at implementing the idea
> of a load balance without the load balancer.  When I ran some tests to
> redirect PUBLIC_A:XXXX to PUBLIC_B:SSH  I did a who on PUBLIC_B and
> saw the address of A.  Not my desktop at home.  I do have MASQ running
> on A,  
> 
> 
> Is this the way this is supposed to be implemented?  Traffic will go
> to A then redirected to B.  I was hoping that A would redirect to B
> and then my desktop and B would be a direct connection.  

The client system is sending to DNS host named A. That lookup will
return A but you want B. Thus EVERY packet goes first to A then B. Can't
change what the client sees as where to send without poking code into a
router.

If you're using a web interface, use a redirect page on A then after the
first connect, all traffic for a client goes to B.

If A and B were on the same LAN segment, just spin up a vip on B to have
the IP of A while A gets it's outside IP turned down. Then routers take
over (hopefully).
> 
> 
> Is this correct?
> 
> 
> http://wiki.vpsget.com/index.php/Forward_%28redirect/nat%
> 29_traffic_with_iptables
> 
> 
> Chris
> 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo

-- 
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain

http://heretothereideas.blogspot.com/

More information about the Ale mailing list