RE: [squid-users] Redirect proxy traffic to another server.

From: <dmalvin@dont-contact.us>
Date: Mon, 22 Nov 2004 13:53:16 -0600

Yeah, the two are synonymous.

-----Original Message-----
From: Chris Robertson [mailto:crobertson@gci.com]
Sent: Monday, November 22, 2004 12:57 PM
To: squid-users@squid-cache.org
Subject: RE: [squid-users] Redirect proxy traffic to another server.

I've done very little with NAT using IPTABLES, and what I have done was a while ago, so I may be off base, but the guide at http://www.faqs.org/docs/iptables/targets.html#DNATTARGET seems to say your first rule should be using "--to-destination" instead of "--to". If the two are synonymous in this context, I apologize.

Chris

-----Original Message-----
From: dmalvin@dunwoody.edu [mailto:dmalvin@dunwoody.edu]
Sent: Monday, November 22, 2004 9:34 AM
To: squid-users@squid-cache.org
Subject: RE: [squid-users] Redirect proxy traffic to another server.

I already thought about swapping the IPs but there are some other services running on the production server that I'd rather not have to install and configure on the temporary proxy. I'll swap the IPs after all else fails.

The access.log file shows nothing while traffice is being redirected to it. I eventually receive a page cannot be displayed message from the browser, but not a squid error page. It seems that I'm not communicating at all with squid through the redirect.

-----Original Message-----
From: Chris Robertson [mailto:crobertson@gci.com]
Sent: Monday, November 22, 2004 12:07 PM
To: squid-users@squid-cache.org
Subject: RE: [squid-users] Redirect proxy traffic to another server.

Have you eliminated swapping IPs for the duration of the compile/install. Or just have server2 take both 192.168.0.1 and 192.168.0.2, and move server1 to (something like) 192.168.0.3.

Sorry that doesn't actually answer your question. What does the access.log on server2 show while traffic is being redirected to it?

As an aside, you don't HAVE to stop squid while you are compiling a new version. Just while you are installing it.

Chris

-----Original Message-----
From: dmalvin@dunwoody.edu [mailto:dmalvin@dunwoody.edu]
Sent: Monday, November 22, 2004 8:52 AM
To: squid-users@squid-cache.org
Subject: [squid-users] Redirect proxy traffic to another server.

I'm not sure if what I'm attempting to do is possible and/or if I'm doing it correctly. I'd like to redirect our proxy traffic to another server so I don't have to reconfigure all the client machines.

I have two functional squid proxy servers, a production server (server1,
192.168.0.1:8080) and a test/backup server (server2, 192.168.0.2:8080). I'd like to recompile squid on server1 (I want to add some options). So, while squid is down on server1 I want to forward all request to server2. What I've done so far is add these iptables rules on server1 in attempt to forward the proxy traffic to server2: iptables -t nat -I PREROUTING -p tcp -d 192.168.0.1 --dport 8080 -j DNAT --to 192.168.0.2 iptables -I FORWARD -s $MY_IP_ADDRESS -p tcp -d 192.168.0.2 -j ACCEPT

A tcpdump on server2's internal NIC shows it's receiving the redirected traffic but a tcpdump on server2's external NIC show no attempt to retrieve the requested website.

Again I ask, is this possible and am I going about it the right way?
Received on Mon Nov 22 2004 - 12:53:17 MST

This archive was generated by hypermail pre-2.1.9 : Wed Dec 01 2004 - 12:00:01 MST