RE: [squid-users] Redirect proxy traffic to another server.

From: Chris Robertson <crobertson@dont-contact.us>
Date: Mon, 22 Nov 2004 09:56:35 -0900

I've done very little with NAT using IPTABLES, and what I have done was a
while ago, so I may be off base, but the guide at
http://www.faqs.org/docs/iptables/targets.html#DNATTARGET seems to say your
first rule should be using "--to-destination" instead of "--to". If the two
are synonymous in this context, I apologize.

Chris

-----Original Message-----
From: dmalvin@dunwoody.edu [mailto:dmalvin@dunwoody.edu]
Sent: Monday, November 22, 2004 9:34 AM
To: squid-users@squid-cache.org
Subject: RE: [squid-users] Redirect proxy traffic to another server.

I already thought about swapping the IPs but there are some other services
running on the production server that I'd rather not have to install and
configure on the temporary proxy. I'll swap the IPs after all else fails.

The access.log file shows nothing while traffic is being redirected to it.
I eventually receive a page cannot be displayed message from the browser,
but not a squid error page. It seems that I'm not communicating at all with
squid through the redirect.

-----Original Message-----
From: Chris Robertson [mailto:crobertson@gci.com]
Sent: Monday, November 22, 2004 12:07 PM
To: squid-users@squid-cache.org
Subject: RE: [squid-users] Redirect proxy traffic to another server.

Have you eliminated swapping IPs for the duration of the compile/install? Or
just have server2 take both 192.168.0.1 and 192.168.0.2, and move server1 to
(something like) 192.168.0.3.

Sorry that doesn't actually answer your question. What does the access.log
on server2 show while traffic is being redirected to it?

As an aside, you don't HAVE to stop squid while you are compiling a new
version. Just while you are installing it.

Chris

-----Original Message-----
From: dmalvin@dunwoody.edu [mailto:dmalvin@dunwoody.edu]
Sent: Monday, November 22, 2004 8:52 AM
To: squid-users@squid-cache.org
Subject: [squid-users] Redirect proxy traffic to another server.

I'm not sure if what I'm attempting to do is possible and/or if I'm doing it
correctly. I'd like to redirect our proxy traffic to another server so I
don't have to reconfigure all the client machines.

I have two functional squid proxy servers, a production server (server1,
192.168.0.1:8080) and a test/backup server (server2, 192.168.0.2:8080). I'd
like to recompile squid on server1 (I want to add some options). So, while
squid is down on server1 I want to forward all requests to server2. What
I've done so far is add these iptables rules on server1 in an attempt to
forward the proxy traffic to server2:

    iptables -t nat -I PREROUTING -p tcp -d 192.168.0.1 --dport 8080 -j DNAT --to 192.168.0.2
    iptables -I FORWARD -s $MY_IP_ADDRESS -p tcp -d 192.168.0.2 -j ACCEPT

A tcpdump on server2's internal NIC shows it's receiving the redirected
traffic but a tcpdump on server2's external NIC shows no attempt to retrieve
the requested website.

Again I ask, is this possible and am I going about it the right way?
Received on Mon Nov 22 2004 - 11:56:42 MST
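
Added example, not part of any message in the thread: a dry-run script for server1 that emits the redirect with the documented "--to-destination" spelling plus the pieces the posted rules leave out (IP forwarding, a return path through server1, and a FORWARD rule for replies). It assumes the clients sit on the same 192.168.0.0/24 segment as both servers, so that without source NAT server2 would answer them directly from 192.168.0.2; the thread does not confirm this as the cause, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Prints the rule set by default;
# run as root on server1 with APPLY=1 to execute it.

is_ipv4() {
    # Accept only dotted quads whose four octets are each 0-255.
    echo "$1" | awk -F. 'NF==4 { for (i=1;i<=4;i++) if ($i !~ /^[0-9]+$/ || $i>255) exit 1; exit 0 } { exit 1 }'
}

# redirect_rules OLD_IP NEW_IP PORT
# Emits the commands that move a proxy listener from OLD_IP to NEW_IP.
redirect_rules() {
    old=$1 new=$2 port=$3
    is_ipv4 "$old" && is_ipv4 "$new" || { echo "bad address" >&2; return 1; }
    case $port in ''|*[!0-9]*) echo "bad port" >&2; return 1;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }
    # 1. The kernel must be allowed to route the rewritten packets.
    # 2. DNAT rewrites only the destination address.
    # 3. SNAT makes server2 reply to server1, so conntrack can undo the
    #    DNAT before the client sees the answer. Side effect: squid on
    #    server2 logs and ACL-matches every request as coming from OLD_IP.
    # 4/5. Let the forwarded flow pass in both directions.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -I PREROUTING -p tcp -d $old --dport $port -j DNAT --to-destination $new:$port
iptables -t nat -I POSTROUTING -p tcp -d $new --dport $port -j SNAT --to-source $old
iptables -I FORWARD -p tcp -d $new --dport $port -j ACCEPT
iptables -I FORWARD -p tcp -s $new --sport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Addresses and port are the ones given in the original question.
RULES=$(redirect_rules 192.168.0.1 192.168.0.2 8080) || exit 1
if [ "${APPLY:-0}" = 1 ]; then
    echo "$RULES" | sh -e
else
    echo "$RULES"
fi
```

After applying, the packet counters in `iptables -t nat -L -n -v` on server1 and new entries in access.log on server2 show whether requests are completing.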
