[squid-users] reverse proxy / redirector

From: Dan Carl <danc@dont-contact.us>
Date: Mon, 22 Aug 2005 14:32:03 -0500

Here's my situation:
I have only one public IP address.
Internally I have three Apache servers running.
Right now I have my firewall route port 80 to my webserver.
I also have a mailserver running secure webmail on it, so I forward port 443
to it.
My problem is now I want to be able to do SSL on my third webserver.
I tried to use mod_proxy to accomplish this without success, so I figured I
would try squid.
I don't need squid to accelerate, I just need it to direct traffic.
I thought my firewall would be a good place to install squid because it's
basically doing nothing but packet filtering.
I first set up squid as a transparent proxy for my internal clients. (It's
running, why not use it in both directions?)
This went very well, I added the following lines to my squid.conf and the
following line to my iptables script.
acl our_networks src 10.0.0.0/24
http_access allow our_networks

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

$IPTABLES -t nat -A PREROUTING -i $LAN_NIC -p tcp --dport 80 \
-j REDIRECT --to-port 3128

Next I tried to set squid up to solve my initial problem.
I read most everything on the Squid site and Google about reverse proxy and
web accelerating.
I added this to my squid conf:
redirect_program /usr/local/bin/redir.pl
redirect_children 5
redirect_rewrites_host_head off
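
Made the script:

#!/usr/local/bin/perl
# Unbuffered output, so each reply is written as soon as it is printed
$|=1;
# One request per line on stdin; print the (possibly rewritten) line back
while (<>) {
        s@https://fromhost.com@https://tohost.org@;
        print;
}

Added this to my /etc/hosts:
10.0.0.12 tohost.org

Added this iptables script: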
$IPTABLES -t nat -A PREROUTING -i $INET_NIC -p tcp --dport 443 \
-j REDIRECT --to-port 3128

When I start squid, it dies right away.
Here's the error.
 Squid Parent: child process 14166 exited due to signal 6
The redirector helpers are crashing too rapidly, need help!
What am I doing wrong?
Received on Mon Aug 22 2005 - 13:32:52 MDT
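
Added example (not part of the original post, and not the poster's script): a redirector helper for the same fromhost.com to tohost.org rewrite that parses the URL and compares the host exactly, so a look-alike host, a userinfo trick, or the pattern appearing inside a query string is passed through unchanged. It assumes the Squid 2.x redirector line format `URL client_ip/fqdn ident method` with a blank reply meaning "no change"; the function names are hypothetical.

```python
#!/usr/bin/env python3
"""Squid redirector helper: rewrite https://fromhost.com/... to https://tohost.org/..."""
import sys
from urllib.parse import urlsplit, urlunsplit

# Host mapping taken from the post (illustrative names); keys are lowercase.
REWRITE_HOSTS = {"fromhost.com": "tohost.org"}


def rewrite_url(url):
    """Return the rewritten URL, or None when the URL must pass unchanged."""
    try:
        parts = urlsplit(url)
        host = parts.hostname      # lowercased, userinfo and port removed
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "https" or host is None:
        return None
    target = REWRITE_HOSTS.get(host)   # exact match, not a pattern search
    if target is None:
        return None
    netloc = target if port is None else f"{target}:{port}"
    # Any userinfo in the original URL is deliberately not carried over.
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def handle_line(line):
    """Handle one request line (assumed: 'URL client_ip/fqdn ident method')."""
    fields = line.split()
    if not fields:
        return ""                  # blank reply: leave the request unchanged
    new_url = rewrite_url(fields[0])
    return new_url if new_url is not None else ""


def main():
    for line in sys.stdin:
        sys.stdout.write(handle_line(line) + "\n")
        sys.stdout.flush()         # helpers must not buffer their replies


if __name__ == "__main__":
    main()
```

The helper can be exercised outside Squid by piping sample request lines to it on stdin and reading one reply line per request.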
