Score:1

Reverse proxy forwarding

sa flag

Could you help me?

# Enable forwarding. A plain `sudo echo "1" > /proc/sys/...` fails with "Permission denied"
# because the shell redirection runs as the unprivileged user, not as root.
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
# Rewrite the destination of incoming HTTPS/HTTP connections to the backend servers
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 1.1.1.1
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 2.2.2.2
# Rewrite the source so the backends reply to this box, which then relays to the client
sudo iptables -t nat -A POSTROUTING -j MASQUERADE

I am using these iptables rules to create load-balancing servers. I am only distributing .mp4 and .mp3 content, but these rules use the bandwidth of the server doing the forwarding instead of the destination server's bandwidth.

How can I solve this? The user must use the destination server's bandwidth instead of the redirect server's. Thank you.

Lester avatar
fr flag
"The user must use the destination server's bandwidth instead of the redirect server's" Why do you think this will work? You are sending traffic to the proxy server and doing NAT, so of course its bandwidth will be used. Explore another method, such as using an HTTP proxy with redirects.
Makoa avatar
sa flag
Yes, some bandwidth will be used, but the redirect server is being overloaded because it seems that it's using these .mp4 and .mp3 files instead of just redirecting users to the destination server. The destination server should provide those files to users, instead of the redirect server. Isn't it possible to do this with iptables?
vidarlo avatar
ar flag
No, you can't. When you do routing, the traffic goes via you. That said, routing is in many cases cheaper than disk reads, so it may make sense to have a router capable of handling the traffic. 10G routers are not *that* uncommon these days.
Score:2
ar flag

How can I solve this? The user must use the destination server's bandwidth instead of the redirect server's. Thank you.

Generally there are a few ways:

  1. Use Round Robin DNS. All servers share the same name, but on different IPs. Clients will pick a random server.
  2. Use redirects to send the users to an appropriate server.
  3. Use Anycast. All servers have the same IP. Due to the way routing works, users will generally connect to a local one.

Round Robin DNS and redirects are generally something you can configure yourself. For anycast you will have to be able to announce BGP in multiple regions yourself, and involve yourself with multiple ISPs around the world.

Another excellent idea would be to simply ignore the problem, slap a service such as Cloudflare or Akamai in front, and let them handle load balancing. If you want more control, it's also possible to host the content in a cloud solution such as Azure or Google Cloud, where you have to worry much less about load when serving things from blob storage.


What your rules do

With your rules, you rewrite the destination of the packets and send them on to a different server. In addition you masquerade them, so that to the backend servers it seems the packet came from your frontend. The backend dutifully answers, sending the reply packet back to your frontend, which looks up in its table where that connection came from, and sends the packet to the original client. The server - which is really a router - has to touch the packets to rewrite headers, and all packets have to go via that server.

In many cases such a setup can make a lot of sense. It's rather trivial to route lots of traffic, and it's easy and robust to configure. It allows for High Availability, where you drop servers not responding, and for loads that are not stateful, it's extremely easy to increase capacity - as long as your router can handle the amount of traffic.
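Option 2 above (redirects) is the one that actually takes the front-end out of the data path: the front-end answers each request with a 302 pointing at a backend, and the client then downloads the file straight from that backend, so only a few hundred bytes per request cross the redirect server. The following is an added example of that pattern, not code from the question or the answer above; the backend hostnames, the port, and the `RoundRobinPicker`/`safe_path`/`redirect_target` names are assumptions for illustration.

```python
"""Redirect-based load balancer (added example, not from the original post).

Instead of DNAT'ing every packet through the front-end, answer each request
with an HTTP 302 whose Location points at one of the media servers. The
client then fetches the .mp4/.mp3 directly from that server's bandwidth.

BACKENDS and the *.example.net hostnames are assumptions for illustration.
"""
import itertools
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import urlsplit

# Hypothetical media servers; in the question these would be the 1.1.1.1 / 2.2.2.2 hosts.
BACKENDS = ["https://media1.example.net", "https://media2.example.net"]


class RoundRobinPicker:
    """Cycle through backends; the lock keeps the cycle consistent under threaded handlers."""

    def __init__(self, backends):
        if not backends:
            raise ValueError("need at least one backend")
        self._cycle = itertools.cycle(backends)
        self._lock = threading.Lock()

    def pick(self):
        with self._lock:
            return next(self._cycle)


def safe_path(path):
    """Return `path` if it is a plain absolute path on this site, else None.

    Rejects inputs that would turn the 302 into an open redirect (absolute
    URLs, protocol-relative '//host', backslashes that some clients treat
    as '/') and '..' segments that could escape the media tree.
    """
    if not path.startswith("/") or path.startswith("//") or "\\" in path:
        return None
    parts = urlsplit(path)
    if parts.scheme or parts.netloc:
        return None
    if any(segment == ".." for segment in parts.path.split("/")):
        return None
    return path


def redirect_target(picker, path):
    """Build the Location header value for `path`, or None if the path is unsafe."""
    clean = safe_path(path)
    if clean is None:
        return None
    return picker.pick() + clean


class RedirectHandler(BaseHTTPRequestHandler):
    picker = RoundRobinPicker(BACKENDS)

    def _redirect(self):
        target = redirect_target(self.picker, self.path)
        if target is None:
            self.send_error(400, "bad path")
            return
        # 302 keeps GET/HEAD as GET/HEAD; the client re-issues the request to the backend,
        # including any Range header it used for seeking inside the media file.
        self.send_response(302)
        self.send_header("Location", target)
        self.send_header("Cache-Control", "no-store")
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = _redirect
    do_HEAD = _redirect

    def do_POST(self):
        # Nothing is uploaded through the redirector; refuse other methods outright.
        self.send_error(405)


if __name__ == "__main__":
    # Listen where the iptables rules used to intercept traffic (port chosen for the example).
    ThreadingHTTPServer(("0.0.0.0", 8080), RedirectHandler).serve_forever()
```

Run it, then `curl -I http://localhost:8080/video/clip.mp4` returns a 302 with a `Location` on the first backend; the next request gets the second. Only the path is copied into the Location, never a client-supplied host, so the service cannot be abused as an open redirect. Percent-encoded traversal (`%2e%2e`) is passed through unchanged and is left for the backend to reject, which is the server that actually opens files.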

Makoa avatar
sa flag
Unfortunately, what I'm looking for is more related to iptables
vidarlo avatar
ar flag
Then you are barking up the wrong tree.
vidarlo avatar
ar flag
@Makoa I updated the answer to explain why it behaves the way it does.
Makoa avatar
sa flag
"The server - which is really a router, has to touch the packets to rewrite headers, and all packets has to go via that server." - This explains why my redirect server is using a lot of bandwidth, thank you so much