Re: [squid-users] Squid + web server on same machine

From: Matus UHLAR - fantomas <uhlar@dont-contact.us>
Date: Tue, 14 Jun 2005 09:52:07 +0200

On 14.06 06:24, Nuno Ferreira wrote:
> I know that this has probably come up in this archive but my search there
> didn't get me anything.
>
> I have a RH machine running SQUID proxy and Apache. On the web server I
> have a lot of virtual domains.
>
> The problem is that proxy users can't see those web sites (the ones hosted
> on the apache server as virtual servers).
>
> The mentioned machine is in the DMZ zone and NATed outside to the public
> IP. This public IP is (of course) the IP of all the virtual hosts.
>
> There must be some conflict in the proxy server or in the httpd server
> that I really don't understand.

That is a problem on a lower networking level - NAT. You have to set up DNS or
a hosts file for your apache vhosts, which squid would use, and that would
show the internal IP of apache, not the external one.

The problem is: "squid" connects to the external IP from an internal one. The
destination IP is changed on the NAT server to the real server's one, the source IP
(internal) is changed as-is. So data come to "apache" with source and
destination IPs from the internal network - as if they came directly from
"squid". "apache" then responds directly to squid, not via the NAT server, so
the data don't go through the NAT server and the IP of "apache" is not
translated to the external one. Finally, "squid" sees data going to the external IP
and coming from the internal one, so they are not taken as part of the same
stream and it refuses them.

The terms "apache" and "squid" do not mean real processes, but the machine those
services are on - even if it's the same. I hope they make this explanation
more clear.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.
How does cat play with mouse? cat /dev/mouse
Received on Tue Jun 14 2005 - 01:52:08 MDT
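
A small simulation of the packet flow described in the reply above, added here as an illustration and not part of the original message. All addresses are constructed, a /24 internal network is assumed, and the function names are hypothetical.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst")

# Constructed addresses (assumptions, not taken from the post)
PUBLIC_IP = "203.0.113.10"   # external IP that all the vhosts resolve to
SERVER_IP = "192.168.1.20"   # internal (DMZ) address of the "apache" machine
CLIENT_IP = "192.168.1.30"   # internal address of the "squid" machine

def dnat(pkt):
    """NAT server, inbound: rewrite destination public -> internal, source untouched."""
    return pkt._replace(dst=SERVER_IP) if pkt.dst == PUBLIC_IP else pkt

def un_dnat(pkt):
    """NAT server, return path: put the public address back as the source."""
    return pkt._replace(src=PUBLIC_IP) if pkt.src == SERVER_IP else pkt

def server_reply(pkt):
    """The web server answers to whatever source address it saw."""
    return Packet(src=pkt.dst, dst=pkt.src)

def same_subnet(a, b):
    """True if both addresses share the first three octets (/24 assumed)."""
    return a.rsplit(".", 1)[0] == b.rsplit(".", 1)[0]

def connect(client_ip, resolved_ip):
    """Return (accepted, reply) for a client connecting to resolved_ip."""
    syn = Packet(client_ip, resolved_ip)
    arrived = dnat(syn)
    reply = server_reply(arrived)
    # The reply only passes the NAT server if the server has to route to the
    # client; on the same subnet it is delivered directly and never translated.
    if not same_subnet(reply.src, reply.dst):
        reply = un_dnat(reply)
    # The client accepts the reply only if it mirrors the addresses it sent to.
    accepted = reply.src == syn.dst and reply.dst == syn.src
    return accepted, reply

if __name__ == "__main__":
    cases = [("internal client, vhost resolves to public IP", CLIENT_IP, PUBLIC_IP),
             ("internal client, hosts/DNS gives internal IP", CLIENT_IP, SERVER_IP),
             ("external client, vhost resolves to public IP", "198.51.100.7", PUBLIC_IP)]
    for label, client, target in cases:
        ok, reply = connect(client, target)
        print(f"{label}: accepted={ok}, reply src={reply.src} dst={reply.dst}")
```
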
