ISO simple non-forking TCP connection forward/balance tool
I'm looking for a simple program I can use to forward incoming TCP connections to several other addr:port pairs (including one on the machine itself), holding the connections open and passing the data back and forth until both parties close their ends. I need a solution that doesn't fork.

One way to do it is just fork ad-hoc netcat pipes with inetd, but I'm trying to avoid the process overhead. An ssh tunnel is another option, but the crypto involves too much CPU overhead.

I've investigated ipnat rdr rules, but ipnat seems like it's too low-level: it wants to divert the packet directly w/o rewriting the from addr. This means that the return packet is a mismatch unless I make the machine running the forwarder into the router.

I found a simple program called balance floating around out there, but unfortunately it uses an extremely naive fork-after-accept method that results in the same process overhead.

Is there a simple kq-driven TCP forwarder out there? Is there a pure-TCP forwarding module for lighttpd (or some other single-threaded app server)? Or is there a good way to do it in the kernel that I'm missing, and can someone direct me to an ipnat ruleset that creates new connections, so the TCP forwarding machine doesn't also need to be a router?

Thanks very much for your help.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ISO simple non-forking TCP connection forward/balance tool
On Fri, Jan 22, 2010 at 2:01 PM, Chris Peiffer bsdli...@cabstand.com wrote:

> I'm looking for a simple program I can use to forward incoming TCP connections to several other addr:port pairs (including one on the machine itself), holding the connections open and passing the data back and forth until both parties close their ends. I need a solution that doesn't fork.
>
> One way to do it is just fork ad-hoc netcat pipes with inetd, but I'm trying to avoid the process overhead. An ssh tunnel is another option, but the crypto involves too much CPU overhead.
>
> I've investigated ipnat rdr rules, but ipnat seems like it's too low-level: it wants to divert the packet directly w/o rewriting the from addr. This means that the return packet is a mismatch unless I make the machine running the forwarder into the router.
>
> I found a simple program called balance floating around out there, but unfortunately it uses an extremely naive fork-after-accept method that results in the same process overhead.
>
> Is there a simple kq-driven TCP forwarder out there? Is there a pure-TCP forwarding module for lighttpd (or some other single-threaded app server)? Or is there a good way to do it in the kernel that I'm missing, and can someone direct me to an ipnat ruleset that creates new connections, so the TCP forwarding machine doesn't also need to be a router?
>
> Thanks very much for your help.

A few lines in python should do what you're looking for; see the socket lib, or twisted if you have high performance needs.

--
Adam Vande More
Re: ISO simple non-forking TCP connection forward/balance tool
Hi--

On Jan 22, 2010, at 12:01 PM, Chris Peiffer wrote:

> Or is there a good way to do it in the kernel that I'm missing, and can someone direct me to an ipnat ruleset that creates new connections, so the TCP forwarding machine doesn't also need to be a router?

I don't know about ipnat, but natd (or kernel-level IPFW NAT functionality in newer versions of FreeBSD) redirect_port will do exactly what you've asked for:

    -redirect_port proto targetIP:targetPORT[,targetIP:targetPORT[,...]]
                   [aliasIP:]aliasPORT [remoteIP[:remotePORT]]
    -redirect_address localIP[,localIP[,...]] publicIP

    These forms of -redirect_port and -redirect_address are used to
    transparently offload network load on a single server and distribute
    the load across a pool of servers. This function is known as LSNAT
    (RFC 2391). For example, the argument

        tcp www1:http,www2:http,www3:http www:http

    means that incoming HTTP requests for host www will be transparently
    redirected to one of the www1, www2 or www3, where a host is selected
    simply on a round-robin basis, without regard to load on the net.

(Userland natd doesn't need to fork for individual connections.)

Regards,
--
-Chuck
Re: ISO simple non-forking TCP connection forward/balance tool
Hi--

On Jan 22, 2010, at 12:21 PM, Adam Vande More wrote:

> A few lines in python should do what you're looking for; see the socket lib, or twisted if you have high performance needs.

I'm a big fan of python, but you'd have to be careful to choose the right processing model: some sort of select()/poll()/kqueue() wrapper with nonblocking I/O and process-towards-completion semantics, rather than trying to do a multithreaded approach, since the GIL will really interfere with concurrency.

Note that the intended usage also matters quite a bit. For example, NAT-based solutions depend on the destinations being up all of the time and will happily drop a third (or whatever) of the traffic into the void if one of the backend boxes is down or a service is unresponsive. Software-based load-balancers which recognize and route around downed ports or boxes play nicer for this sort of thing, as do H/W load-balancer solutions like Foundry ServerIrons or Citrix NetScalers, which have liveness checks built in to test destinations and make sure they stay up before distributing traffic onto them.

There's also a question of whether the traffic ought to be stateful beyond individual connections, in which case software-based solutions like FastCGI or WebObjects which support session affinity are a much better idea than trying to write stateless services which have to persist to a backend database or something along those lines for every request.

Regards,
--
-Chuck
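A worked version of what Adam suggests and Chuck qualifies: a single-process, non-forking forwarder built on the socket library's event-driven side, covering the two points this thread raises. This is an added illustration, not code from the thread or from any poster, and it assumes Python 3.8+ with asyncio (whose selector is kqueue on FreeBSD and epoll on Linux); the Forwarder class, its round-robin/skip logic, the "A:"/"B:" demo backends and the run_demo harness are all constructed here. It passes each side's FIN through instead of closing both ends on the first EOF (Chris's "until both parties close their ends"), and it skips a backend that refuses or times out, where a plain NAT redirect would keep handing that backend its share of connections (Chuck's LSNAT caveat).

```python
import asyncio
import socket


class Forwarder:
    """One process, no fork: asyncio drives the sockets through the platform's
    selector (kqueue on FreeBSD, epoll on Linux); each connection is two pumps."""

    def __init__(self, backends):
        self.backends, self.rr, self.skipped = list(backends), 0, 0

    async def pick_backend(self):
        # Round-robin over backends, skipping any that refuse or time out. A plain
        # NAT redirect would keep handing a dead backend its share of connections.
        for _ in range(len(self.backends)):
            host, port = self.backends[self.rr]
            self.rr = (self.rr + 1) % len(self.backends)
            try:
                return await asyncio.wait_for(asyncio.open_connection(host, port), 1.0)
            except (OSError, asyncio.TimeoutError):
                self.skipped += 1
        return None

    @staticmethod
    async def pump(reader, writer):
        # One direction: copy until the sender's FIN, then pass that FIN on with
        # write_eof() so the other direction can keep talking (half-close semantics).
        try:
            while data := await reader.read(65536):
                writer.write(data)
                await writer.drain()  # backpressure: wait for a slow receiver instead of buffering without bound
            writer.write_eof()
        except OSError:  # reset on either side: tear this pair down
            writer.close()

    async def handle(self, client_r, client_w):
        backend = await self.pick_backend()
        if backend is None:
            client_w.close()  # every backend is down: refuse rather than hang
            return
        backend_r, backend_w = backend
        # Both directions run concurrently; the pair is closed only after both
        # senders have finished, i.e. after both parties have closed their ends.
        await asyncio.gather(self.pump(client_r, backend_w), self.pump(backend_r, client_w))
        client_w.close()
        backend_w.close()


async def _demo(dead_first, requests):
    # Constructed demo backends: answer with "tag + request line", then close.
    async def backend(tag):
        async def reply(r, w):
            w.write(tag + await r.readline())
            await w.drain()
            w.close()
        srv = await asyncio.start_server(reply, "127.0.0.1", 0)
        return srv.sockets[0].getsockname()

    backends = [await backend(b"A:"), await backend(b"B:")]
    if dead_first:  # a bound-then-released port, so connects to it are refused
        with socket.create_server(("127.0.0.1", 0)) as s:
            backends.insert(0, s.getsockname())
    fwd = Forwarder(backends)
    server = await asyncio.start_server(fwd.handle, "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    replies = []
    for _ in range(requests):
        r, w = await asyncio.open_connection("127.0.0.1", port)
        w.write(b"hello\n")
        replies.append(await r.read())  # everything up to the forwarded FIN
        w.close()
    server.close()
    return replies, fwd.skipped


def run_demo(dead_first=False, requests=3):
    """Push a few requests through the forwarder; returns (replies, skipped connects)."""
    return asyncio.run(_demo(dead_first, requests))
```

run_demo() starts two loopback backends and sends three requests, which come back in round-robin order ("A:", "B:", "A:"); run_demo(dead_first=True) puts a bound-and-released port ahead of them, and every request is still answered, with the skipped counter showing how many connects were routed around the dead entry. The one-second wait_for on the connect bounds how long a backend that silently drops SYNs can hold up one connection, and while that connection waits the loop keeps serving the others, which is the property a fork-after-accept design pays a process per connection to get.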
Re: ISO simple non-forking TCP connection forward/balance tool
Chris Peiffer wrote:

> I'm looking for a simple program I can use to forward incoming TCP connections to several other addr:port pairs (including one on the machine itself), holding the connections open and passing the data back and forth until both parties close their ends. I need a solution that doesn't fork.
>
> One way to do it is just fork ad-hoc netcat pipes with inetd, but I'm trying to avoid the process overhead.

See net/bsdproxy.