Re: [squid-users] transparently redirect traffic to the Squid with L4-7 switch

Because the L4 switch is just routing traffic through your Squid
machine. The destination on the packets is /still/ the origin server
the client is trying to reach. If the Squid machine has no redirect
rule, the packet will simply be routed through.

If iptables doesn't work for you, then you need to fix iptables. Not
using it isn't an option, if you want Squid to be an interception proxy
on Linux kernel 2.4.

irwin s wrote:
> Hi Copper,
>
> why is it that a local redirection is needed if my foundry sw is able to
> redirect port 80 traffic? Is it more to the fact that l4/l7 sw need to
> be able to do translation from port 80 to port 8080*my squid port)
>
> Is it possible for a workard to bypass iptables(as it crashed often, a
> pt. of failure here, iptables v.1.2.6a)
>
> currently:-
> rtr -> intercept port 80
>
> foundry sw -> accept port 80 traffic from rtr and distribute to squid
> svr port 80
>
> svr(RH7.2) -> iptables to do redirection from 80 to squid 8080
> apache run on port 80
> squid listen on port 8080
> iptables to redirect 80 from foundry net to port squid port 8080
>
> Many thks.
>
> RGds,
>
> irwin
>
>
>
>> From: Joe Cooper <joe@swelltech.com>
>> To: "Hicks, Rick" <RHicks@stantec.com>
>> CC: "'squid-users@squid-cache.org'" <squid-users@squid-cache.org>
>> Subject: Re: [squid-users] transparently redirect traffic to the Squid
>> with L4-7 switch
>> Date: Thu, 24 Oct 2002 18:00:57 -0500
>>
>> Hicks, Rick wrote:
>>
>>> Hi working an Alteon L4-7 webswitch to transparently redirect traffic
>>> to the
>>> Squid. We are running Squid on RedHat 7.2. We found examples in the
>>> docs(http://squid.visolve.com/faq.htm) on how to do this but all the
>>> examples use ipchains, 7.2 uses iptables. This is what we have done:
>>>
>>> httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy
>>> on httpd_accel_uses_host_header on
>>>
>>> The part that we can not figure it is how to do this with iptables ? or
>>> should we even have to do anything since our Alteon is redirecting
>>> all port
>>> 80 requests to port 3128 on the Squid - it does not seem to work
>>> however but
>>> we can see the requests are coming into the Squid box.
>>>
>>> ipchains -A input -j REDIRECT 3128 -p tcp -s <Your Network Address> -d
>>> 0.0.0.0/0 80 (do we need to do this at all, with iptables obviously
>>> on 7.2)
>>
>>
>> Yes, you still need local port redirection. The packet redirection at
>> the L4/L7 can't do it for you--even if you alter it to send to port 3128.
>> --
>> Joe Cooper <joe@swelltech.com>
>> Web caching appliances and support.
>> http://www.swelltech.com
>
>
>
> _________________________________________________________________
> Choose an Internet access plan right for you -- try MSN!
> http://resourcecenter.msn.com/access/plans/default.asp
>

-- 
Joe Cooper <joe@swelltech.com>
Web caching appliances and support.
http://www.swelltech.com