NAME
    Net::DNAT - Pseudo Layer7 Packet Processor

SYNOPSIS
      use Net::DNAT;

      run Net::DNAT ;

DESCRIPTION
    This module is intended to be used for testing applications designed
    for load balancing systems. It listens on specified ports and forwards
    the incoming connections to the appropriate remote applications. The
    remote application can be on a separate machine or on the same machine
    listening on a different port and/or address.

PEER SOCKET SPOOF
    This implementation does not actually translate the destination
    address in the packet headers and resend the packet, like true DNAT
    does. It is implemented like a port forwarding proxy. When a client
    connects, a new socket is made to the remote application and the
    connection is tunnelled to/from the client. As a result, the peer side
    of the socket appears to the remote application to be the Net::DNAT
    box instead of the real client. This peer modification side effect is
    usually fine for testing and developmental purposes, though.

HTTP
    If you do not care about where the hits on your web server are coming
    from, then you do not need to worry about this section.

    If the remote application is the Apache 1.3.x web server (see
    http://httpd.apache.org/), then the Apache::DNAT module can be used to
    correctly and seamlessly UnDNATify the peer munging described above.
    If mod_perl is enabled for Apache, then add these lines to its
    httpd.conf:

      PerlModule Apache::DNAT
      PerlInitHandler Apache::DNAT

    If you cannot do this (because it is a web server other than Apache,
    or you do not have mod_perl enabled, or you do not have access to the
    web server, or you just do not want the CPU overhead to fix the peer
    back to normal, or for whatever reason), then it will still function
    fine. However, the server logs will be inaccurate and the CGI programs
    will run with the wrong environment variables pertaining to the peer
    (i.e., REMOTE_ADDR and REMOTE_PORT).
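The peer rewriting described under PEER SOCKET SPOOF can be reproduced on loopback. The script below is an added illustration, not code from the Net::DNAT distribution; it uses only IO::Socket::INET, and the helper names listener and dial are made up for this example.

```perl
#!/usr/bin/perl
# Added illustration: a forwarding proxy opens its own socket to the backend,
# so the backend's getpeername() reports the proxy, never the real client.
use strict;
use warnings;
use IO::Socket::INET;

# Hypothetical helper: loopback listener on a kernel-chosen free port.
sub listener {
    my $s = IO::Socket::INET->new(
        LocalAddr => "127.0.0.1", LocalPort => 0,
        Listen    => 5, Proto => "tcp", ReuseAddr => 1,
    ) or die "listen: $!";
    return $s;
}

# Hypothetical helper: connect to a loopback port.
sub dial {
    my ($port) = @_;
    my $s = IO::Socket::INET->new(
        PeerAddr => "127.0.0.1", PeerPort => $port, Proto => "tcp",
    ) or die "connect: $!";
    return $s;
}

my $backend = listener();    # stands in for the remote application
my $proxy   = listener();    # stands in for the forwarding box

# 1. The real client connects to the proxy.
my $client      = dial($proxy->sockport);
my $from_client = $proxy->accept or die "accept: $!";

# 2. The proxy makes a new socket to the backend for this client.
my $to_backend = dial($backend->sockport);
my $at_backend = $backend->accept or die "accept: $!";

# 3. One request is relayed client -> proxy -> backend (constructed sample).
my ($buf, $got) = ("", "");
$client->syswrite("GET / HTTP/1.0\r\n\r\n");
defined $from_client->sysread($buf, 1024) or die "read: $!";
$to_backend->syswrite($buf);
defined $at_backend->sysread($got, 1024) or die "read: $!";

printf "real client socket   %s:%d\n", $client->sockhost, $client->sockport;
printf "peer seen by proxy   %s:%d\n", $from_client->peerhost, $from_client->peerport;
printf "peer seen by backend %s:%d\n", $at_backend->peerhost, $at_backend->peerport;
print "backend peer is the proxy's outbound socket\n"
    if $at_backend->peerport == $to_backend->sockport;
```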
EXAMPLE CONFIGURATION
  HARDWARE:

      \  |     |  /
       \_|_____|_/
       /         \
      |           |
      | INTERNET  |
      |           |
       \_________/
            |
            |
      ======|=========  Firewall  ================
            |
       _____|_____  Public Interface (x.x.x.x)
      |           |
      | Net::DNAT |
      |___________|
            |      Private Interface (10.0.0.1)
            |
            |   _________________________
            \__| Apache::DNAT (10.0.0.2) |
            |  |_________________________|
            |
            |   _________________________
          H \__| Apache::DNAT (10.0.0.3) |
          U |  |_________________________|
          B |
            |   _________________________
            \__| Apache::DNAT (10.0.0.4) |
            |  |_________________________|
            |
            |   _________________________
            \__| Apache::DNAT (10.0.0.5) |
               |_________________________|

  SOFTWARE:

      #!/usr/bin/perl
      # Program: dnat.pl
      # Run this at startup on the box with both
      # the public and the private interfaces.

      use strict;
      use Net::DNAT;

      my $pools = {
        main   => [ "10.0.0.2", "10.0.0.3" ],
        banner => "10.0.0.4",
        devel  => "10.0.0.5:8080",
      };

      my $site2pool = {
        "site.com"        => "main",
        "www.site.com"    => "main",
        "banner.site.com" => "banner",
        "dev.site.com"    => "devel",
      };

      run Net::DNAT
        port              => 80,
        pools             => $pools,
        default_pool      => "main",
        host_switch_table => $site2pool,
        ;

EXAMPLES
    See demo/* from the distribution for some more examples.

TODO
    Support for HTTP/1.1 protocol conversion to 1.0 protocol and back
    again.

    Support for HTTP/1.1 KeepAlive timeout and KeepAliveRequests.

    Support for SSL protocol conversion to plain text.

    Support for html error pages for internal errors like Server outages.

    Support for error logs.

    Support for access logs.

    Support for CVS protocol.

    Support for FTP protocol.

    Support for OOB channel data correctly.

    Support for DNS protocol.

    Support for periodic service checks (Net::Ping) to disable and enable
    forwarding.

LAYER
    More information on network layers:

    http://uwsg.iu.edu/usail/network/nfs/network_layers.html

COPYRIGHT
    Copyright (C) 2002, Rob Brown, rob@roobik.com

    This package may be distributed under the same terms as Perl itself.

    All rights reserved.

SEE ALSO
    L, L, L