On Thu, Dec 27, 2012 at 7:35 PM, Marco Fleckinger marco.fleckinger@wikipedia.at wrote:
Do we have one extra machine left. Then we could set up this as NAT-Router. This will replace another machine if we do not have one extra IP left. The original ports need to be forwarded to that then.
Cheers
Marco
-------- Original-Nachricht -------- Von: Leslie Carr lcarr@wikimedia.org Gesendet: Fri Dec 28 00:03:33 MEZ 2012 An: Wikimedia Mailing List wikimedia-l@lists.wikimedia.org Betreff: Re: [Wikimedia-l] No access to the Uzbek Wikipedia in Uzbekistan
On Thu, Dec 27, 2012 at 2:37 PM, Marco Fleckinger marco.fleckinger@wikipedia.at wrote:
Leslie Carr lcarr@wikimedia.org schrieb:
On Thu, Dec 27, 2012 at 1:39 PM, Marco Fleckinger marco.fleckinger@wikipedia.at wrote:
Just an idea, which is not very beautiful: What about a router
forwarding ports to the correct machine by using iptables? Would that also work in connection with search engines?
Are you suggesting we use different nonstandard ports for each different wiki/language combo that resides on the same IP ?
Yes exactly!
I guess that is theoretically possible with a more intrusive load balancer in the middle. We need the HOST information from the http header to be added as we have our varnish caches serving multiple services, not one(or more) per language/project combo. I'm pretty sure that lvs doesn't have this ability (which we use). Some large commercial load balancers have the ability to rewrite some headers, but that would be a pretty intensive operation (think lots of cpu needed, since it needs to terminate SSL and then rewrite headers) and would probably be expensive. If you have another way you think we can do this, I am all ears!
We may want to move this discussion to wikitech-l as all the technical discussions probably bore most of the people on wikimedia-l
Leslie
Wikimedia is a pretty big player. Has anyone from the foundation with some sort of fancy sounding title called up the ISP in question and asked "wtf?". The original email on wikimedia-l made it sound like the issue is unintentional.
-bawolff