Pen 0.29.0 introduces transparent reverse proxying on supported platforms,
which currently means Linux, FreeBSD and OpenBSD. This allows the backend
servers to see the client’s real address. It can be used in combination
with SSL termination.
Another improvement is that the server table size is no longer fixed
at startup but grows dynamically as servers are added. The -S option is
still accepted but doesn’t do anything. The client and connection tables
can also be expanded on the fly, reducing the number of restarts.
Full list of changes from 0.28.0:
150608 Released 0.29.0.
150528 Transparent reverse proxy support for Linux, FreeBSD and OpenBSD.
150527 Allow the client table size to be updated on the fly. Default size still 2048.
Allow the connection table size to be updated on the fly. Default still 500.
See penctl.1, options clients_max and conn_max.
150526 Introduced the macro NO_SERVER to be used instead of -1 to signify
error conditions and such.
Removed the fixed server table size along with the -S option.
150525 Fixed cosmetic bug in startup code which required port to be specified
on backend servers even if it was the same as the listening port.
Continuing this series of posts on transparent reverse proxy, here’s how to do it on OpenBSD.
The OpenBSD host running Pen has IP addresses 192.168.100.12 on em1 and 192.168.101.11 on em2. The client debian2 has IP address 192.168.100.2 and the server debian3 has IP address 192.168.101.3.
OpenBSD takes first prize in the easy management department by not requiring any special firewall rules or policy routing whatsoever. Just start Pen exactly the same way as on Linux and FreeBSD:
sudo ./pen -df -O transparent 192.168.100.12:5001 192.168.101.3
The client sees a connection from 192.168.100.2 to 192.168.100.12. The server sees a connection from 192.168.100.2 to 192.168.101.3.
A previous post described how to get transparent reverse proxy to work with Pen on Linux. The same functionality is available on FreeBSD.
The FreeBSD host running Pen has IP addresses 192.168.100.11 on em1 and 192.168.101.11 on em2. Like before, the client debian2 has IP address 192.168.100.2 and the server debian3 has IP address 192.168.101.3.
FreeBSD requires far less in the way of special preparations than Linux did in the earlier post; in fact, a single firewall rule is all we need:
ipfw add 10 fwd 127.0.0.1 tcp from any 5001 to any in recv em2
The Pen command is the same whether on Linux or FreeBSD:
sudo ./pen -df -O transparent 192.168.100.11:5001 192.168.101.3
And as before, the client sees a connection from 192.168.100.2 to 192.168.100.11, while the server sees a connection from 192.168.100.2 to 192.168.101.3.
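To confirm the result described in these posts, the following added example (not part of the original posts or of Pen) can be run on the backend server debian3 in place of the real service: connect from the client through Pen and it reports which source address the backend actually sees. The backend port 5001 and all function names are assumptions made for the example.

```python
import socket

# Address from the post: the Pen host's backend-facing interface (em2).
PEN_BACKEND_SIDE = {"192.168.101.11"}

def classify_peer(peer_ip, proxy_ips):
    """'proxy' if the backend sees Pen's own address, 'client' otherwise."""
    return "proxy" if peer_ip in proxy_ips else "client"

def make_listener(addr, port):
    """Bind a TCP listener; port 0 lets the OS pick a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((addr, port))
    srv.listen(5)
    return srv

def observe(srv, proxy_ips, count=1):
    """Accept `count` connections; return (peer_ip, local_ip, verdict) for each."""
    results = []
    with srv:
        for _ in range(count):
            conn, (peer_ip, _peer_port) = srv.accept()
            with conn:
                local_ip = conn.getsockname()[0]
            results.append((peer_ip, local_ip, classify_peer(peer_ip, proxy_ips)))
    return results

if __name__ == "__main__":
    # Assumption: the backend service port is 5001, same as Pen's listening port.
    for peer, local, verdict in observe(make_listener("0.0.0.0", 5001), PEN_BACKEND_SIDE):
        status = "transparent mode working" if verdict == "client" else "NOT transparent"
        print(f"{peer} -> {local}: {status}")
```

With the setup from the posts, a working transparent proxy shows the peer as 192.168.100.2; seeing 192.168.101.11 instead means the backend's logs and address-based access rules are keyed to the proxy, not the client.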