RE: [squid-users] Squid + web server on same machine

From: Nuno Ferreira <nfaf@dont-contact.us>
Date: Tue, 14 Jun 2005 19:31:26 +0900

Hi,

And how can I set up that file? The Squid and Apache server is
also a dnscache server (to resolve hosts to squid) and if I put the
hosts on the hosts file it doesn't work...

Thanks

Nuno Ferreira

-----Original Message-----
From: Matus UHLAR - fantomas [mailto:uhlar@fantomas.sk]
Sent: Tuesday, June 14, 2005 4:52 PM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid + web server on same machine

On 14.06 06:24, Nuno Ferreira wrote:
> I know that this probably has come in this archive but my search there
> didn't get me anything.
>
> I have a RH machine running SQUID proxy and Apache. On the web server I
> have a lot of virtual domains.
>
> The problem is that proxy users can't see those web sites (the ones hosted
> on the apache server as virtual servers).
>
> The mentioned machine is in the DMZ zone and nated outside to the public
> IP. This public IP is (of course) the ip of all the virtual hosts.
>
> There must be some conflict in the proxy server or in the httpd server
> that I really don't understand.

That is a problem on lower networking level - NAT. You have to set up DNS or
hosts file for your apache vhosts, which squid would use, and that would
show the internal IP of apache, not external one.

The problem is: "squid" connects to external IP from internal one. The
destination IP is changed on NAT server to real server's one, the source IP
(internal) is changed as-is. So data come to "apache" with source and
destination IPs from internal network - as if it came directly from
"squid". "apache" then responds directly to squid, not via NAT server, so
the data don't go through NAT server and the IP of "apache" is not
translated to external one. Finally, "squid" sees data going to external IP
and coming from internal one, so they are not taken as part of the same
stream and refuses them.

Terms "apache" and "squid" do not mean real processes, but the machine those
services are on - even if it's the same. I hope they make this explanation
more clear.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
How does cat play with mouse? cat /dev/mouse
Received on Tue Jun 14 2005 - 04:31:36 MDT
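
The packet path described in the explanation above, traced as an added Python example (not part of either post). All IP addresses and function names are constructed, and the proxy and web server are given separate internal addresses for readability.

```python
import ipaddress
from typing import NamedTuple

# All addresses are constructed for illustration; none come from the thread.
PUBLIC_IP = "203.0.113.10"                 # external IP the vhost names resolve to
APACHE_IP = "10.0.0.3"                     # web server's internal (DMZ) address
SQUID_IP = "10.0.0.2"                      # proxy's internal (DMZ) address
DMZ = ipaddress.ip_network("10.0.0.0/24")  # subnet shared by both machines


class Packet(NamedTuple):
    src: str
    dst: str


def nat_inbound(pkt: Packet) -> Packet:
    """NAT box, request direction: only the destination is rewritten."""
    return pkt._replace(dst=APACHE_IP) if pkt.dst == PUBLIC_IP else pkt


def nat_outbound(pkt: Packet) -> Packet:
    """NAT box, reply direction: restore the public source address."""
    return pkt._replace(src=PUBLIC_IP) if pkt.src == APACHE_IP else pkt


def connect(client_ip: str, resolved_ip: str) -> dict:
    """Trace one request and its reply; report whether the client accepts it."""
    request = Packet(src=client_ip, dst=resolved_ip)
    at_server = nat_inbound(request)
    reply = Packet(src=at_server.dst, dst=at_server.src)
    # Replies to an on-link address are delivered directly, so the NAT box
    # never sees them and cannot restore the public source address.
    direct = ipaddress.ip_address(reply.dst) in DMZ
    if not direct:
        reply = nat_outbound(reply)
    return {
        "reply_src": reply.src,
        # Request went through NAT but the reply did not.
        "asymmetric": request.dst == PUBLIC_IP and direct,
        # The client matches a reply only if it comes from the address it dialed.
        "accepted": reply.src == request.dst,
    }


if __name__ == "__main__":
    print("squid -> public IP  :", connect(SQUID_IP, PUBLIC_IP))
    print("squid -> internal IP:", connect(SQUID_IP, APACHE_IP))
    print("outside -> public IP:", connect("198.51.100.7", PUBLIC_IP))
```

Only the first case fails: the name resolves to the public IP for a client on the same subnet as the server, which is what an internal DNS or hosts entry avoids.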

This archive was generated by hypermail pre-2.1.9 : Fri Jul 01 2005 - 12:00:02 MDT