Re: [squid-users] Problem with transparent proxying.

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 12 Nov 2002 19:03:49 +0100

On Tue 2002-11-12 at 16.58, Bennett F. Dill wrote:
> This looks good to me, but since my box is the firewall and runs Apache
> vservers on both nics, do I need a line that says something like
>
> dest = $EXT_IF, port = 80 redirect to $EXT_IF port 80
> dest = $INT_IF, port = 80 redirect to $INT_IF port 80
> ??

What are you talking about here? Where is the connection between Squid,
Transparent Proxying and Apache?

What you most likely need is firewall rules that do NOT send requests
for your vservers to Squid. Generally any local addresses of the same
server should be excluded from transparent interception.

> Also, the FAQ shows --enable-ipf-transparent must be used as a compile
> option, how can I determine if that was used for my box? I am running
> Debian and installed squid via apt-get and I'm not certain which options
> were used when squid was compiled.

Just try

  telnet www.yahoo.com 80
  GET / HTTP/1.0
  [blank line]

From a client going via the proxy router/firewall.

If it shows up as GET http://ip.of.yahoo.com/ in your access.log and you
get lots of HTML content back then everything is fine. If the IP shown
is the IP address of your Squid server then it is not.

> Since I'm only interested in doing the transparent caching for the
> internal network, can I simply specify the nic to forward on with
> iptables?

Squid does not care about what NIC you have.. one, two, twenty, squid
just uses networking as provided by your OS.

> Finally, the FAQ doesn't mention it, but will I need to modify my Apache
> configuration at all?

Why?

Squid is not Apache.

They should be running on different ports. If not you must make sure
Apache only listens on specific IP addresses and so for Squid
(http_port).

Regards
Henrik
Received on Tue Nov 12 2002 - 11:02:34 MST
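
The exclusion described in the reply above, as an added example that is not part of the original message: a shell function that prints (rather than applies) iptables nat rules exempting the server's own addresses before redirecting port 80 from the internal interface to Squid. The interface name, the addresses and Squid port 3128 are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread). Prints iptables commands
# instead of running them, so the rule set can be reviewed before it is applied.

# usage: gen_intercept_rules INT_IF SQUID_PORT LOCAL_ADDR [LOCAL_ADDR...]
gen_intercept_rules() {
    if [ "$#" -lt 3 ]; then
        echo "usage: gen_intercept_rules INT_IF SQUID_PORT LOCAL_ADDR..." >&2
        return 2
    fi
    int_if=$1
    squid_port=$2
    shift 2

    case $squid_port in
        ''|*[!0-9]*) echo "SQUID_PORT must be numeric" >&2; return 2 ;;
    esac
    # Apache already owns port 80 on this box; Squid needs its own http_port.
    if [ "$squid_port" -eq 80 ]; then
        echo "SQUID_PORT must differ from Apache's port 80" >&2
        return 1
    fi

    # Exemptions go first: the chain is evaluated in order, and ACCEPT in the
    # nat table ends traversal with the packet left untouched, so requests
    # for the box's own addresses reach Apache and never hit REDIRECT.
    for addr in "$@"; do
        echo "iptables -t nat -A PREROUTING -i $int_if -p tcp -d $addr --dport 80 -j ACCEPT"
    done

    # Everything else arriving on the internal interface for port 80 goes to Squid.
    echo "iptables -t nat -A PREROUTING -i $int_if -p tcp --dport 80 -j REDIRECT --to-ports $squid_port"
}

# Constructed sample values: eth1 = internal NIC, 3128 = Squid http_port,
# 192.168.1.1 / 203.0.113.10 = the firewall's own internal / external addresses.
gen_intercept_rules eth1 3128 192.168.1.1 203.0.113.10
```

Review the printed rules, then pipe the output to `sh` as root to apply them.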
