NAME

Net::DNAT - Psuedo Layer7 Packet Processer

SYNOPSIS

use Net::DNAT;

run Net::DNAT <settings...>;

DESCRIPTION

This module is intended to be used for testing applications designed for load balancing systems. It listens on specified ports and forwards the incoming connections to the appropriate remote applications. The remote application can be on a separate machine or on the same machine listening on a different port and/or address.

SETTINGS

port

Specify which port or ports to listen on. See Net::Server for more details on the port setting and other Net::Server settings which may also be used with Net::DNAT.

Example: port => 80

user

User to switch to once the server starts. (Just used by Net::Server)

Example: user => "nobody"

group

Group to switch to once the server starts. (Just used by Net::Server)

Example: group => "nobody"

pools

Supply a hash ref of pool definitions. The key in the hash is the pool name. Its value is either one destination scalar or an array ref of one or more destinations. Each destination may be an IP address, a single host, or a hostname of a round robin dns to several IP addresses. Each destination may be followed by an optional :port to specify which port to connect to. The default is http (port 80) if none is specified.

Example: pools => { www => "web.server.com", dev => "dev.server.com", }

default_pool

Specify which key in the pools hash ref should be used if no specific pool could be determined based on the request information.

Example: default_pool => www

host_switch_table

Specify which hosts go to which pools.

Example: host_switch_table => { "server.com" => "www", "test.com" => "dev", }

switch_filters

Supply special header modifications or provide ability to compute destination pool based on arbitrary code. It takes an array ref of destination pairs. The first in the pair is either a regex or a code ref. The second of the pair is the destination pool name from the pools setting. If a regex is used, the pool is determined if the regex passes when filtered through the header request block. If a code ref is used, $_ will contain the request header block. If executing the code ref returns a true value, its corresponding pool with be used. This is meant to be thought of as a hash ref, but the order must be preserved, and refs do not work very well as hash keys, so it uses an array ref instead. Be aware that any modifications to $_ will also be passed on to the destination regardless of whether the code ref returned a true value or not. Also, the switch_filters are run before to the host_switch_table.

Example: switch_filters => [ qr%^Cookie:.*magic%im => "dev", sub { s/^(Host: )www\.%$1%im; 0; }, ]

PEER SOCKET SPOOF

This implementation does not actually translate the destination address in the packet headers and resend the packet, like true DNAT does. It is implemented like a port forwarding proxy. When a client connects, a new socket is made to the remote application and the connection is tunnelled to/from the client. This causes the peer side of the socket to appear to the remote application like it is coming from the Net::DNAT box instead of the real client. This peer modification side effect is usually fine for testing and developmental purposes, though.

HTTP

If you do not care about where the hits on your web server are coming from, then you do not need to worry about this section. If the remote application is the Apache 1.3.x web server, ( see http://httpd.apache.org/ ), then the Apache::DNAT module can be used to correctly and seemlessly UnDNATify this peer munging described above. If mod_perl is enabled for Apache, then add this line to its httpd.conf:

PerlModule Apache::DNAT
PerlInitHandler Apache::DNAT

If you cannot do this, (because it is a web server other than Apache, or you do not have mod_perl enabled, or you do not have access to the web server, or you just do not want the CPU overhead to fix the peer back to normal, or for whatever reason), then it will still function fine. Just the server logs will be inaccurate and the CGI programs will run with the wrong environment variables pertaining to the peer (i.e., REMOTE_ADDR and REMOTE_PORT).

INSTALL

See INSTALL document.

EXAMPLES

See demo/* from the distribution for some working examples.

TODO

Support for HTTP/1.1 protocol conversion to 1.0 protocol and back again.
Support for HTTP/1.1 KeepAlive timeout and KeepAliveRequests.
Support for SSL protocol conversion to plain text.
Support for html error pages for internal errors like Server outages.
Support for error logs.
Support for access logs.
Support for CVS protocol.
Support for FTP protocol.
Support for OOB channel data correctly.
Support for DNS protocol.
Support for periodic service checks (Net::Ping)
  to disable and enable forwarding.

LAYER

More information on network layers:

http://uwsg.iu.edu/usail/network/nfs/network_layers.html

COPYRIGHT

Copyright (C) 2002,
Rob Brown, rob@roobik.com

This package may be distributed under the same terms as Perl itself.

All rights reserved.

SEE ALSO

L<Apache::DNAT>,
L<Net::Server>,
L<IO::Multiplex>