Re: [squid-users] Squid / Heartbeat / IPtables

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Tue, 01 May 2007 17:39:30 +0200

On Tue 2007-05-01 at 08:38 -0500, Paul Fiero wrote:

> the heartbeat be lost. Given this configuration we have squid
> configured as a transparent proxy with the following pertinent
> settings as I found them in a couple of different documents on
> transparent proxy:
> http_port 192.168.1.6:3128
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on

I would strongly recommend you to upgrade to Squid-2.6.

> At this point I also ensured that ipv4 ip_forward is set to 1, then I
> set up an iptables rule to redirect traffic to the correct port:
> iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 80 -j REDIRECT --to-port 3128

Ok.

> When I had Squid configured this way and did not have it being run via
> the clustering services all worked fine with policy-based routes and
> all. It was a sight to behold.

Fine.

> Then as soon as we reconfigured
> everything for use in the cluster, traffic has stopped flowing. It
> appears to be getting to at least the port on the switch where the
> squid servers are plugged in so I know that the PBR is working.

Hmm.. no idea really. These things are pretty basic.

But check the ARP cache on the router. Maybe it has got the wrong MAC
for the virtual IP you route to. Or maybe you have an IP conflict on
that IP with more than one machine claiming to have the IP active (try
arping for it from the supposedly active server, should get no
responses).

Regards
Henrik

Received on Tue May 01 2007 - 09:39:35 MDT
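
The ARP check suggested in the reply above, as an added example that is not part of the original message: it classifies arping output by which MAC addresses answer for the virtual IP. The function names, the sample captures and the iputils arping reply format are assumptions; the address and interface are reused from the thread only as sample values.

```shell
#!/bin/sh
# Added example: who answers ARP for the cluster's virtual IP?
# Assumes iputils arping reply lines: "Unicast reply from IP [MAC]  0.7ms".

# Print the distinct MACs (lowercased) that replied, from arping output on stdin.
vip_owners() {
    grep -i 'reply from' \
        | grep -oiE '([0-9a-f]{2}:){5}[0-9a-f]{2}' \
        | tr 'A-F' 'a-f' | sort -u
}

# Classify arping output on stdin against the MAC expected to hold the VIP.
#   silent      : nobody replied
#   ok          : only the expected MAC replied
#   wrong-owner : a single, unexpected MAC replied (stale or wrong ARP entry)
#   conflict    : more than one MAC claims the IP
check_vip() {
    expected=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    owners=$(vip_owners)
    count=$(printf '%s\n' "$owners" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -eq 0 ]; then echo silent
    elif [ "$count" -gt 1 ]; then echo conflict
    elif [ "$owners" = "$expected" ]; then echo ok
    else echo wrong-owner
    fi
}

# Constructed sample captures (MAC addresses are made up).
SAMPLE_ONE='ARPING 192.168.1.6 from 192.168.1.1 eth1
Unicast reply from 192.168.1.6 [00:16:3E:AA:00:01]  0.712ms
Unicast reply from 192.168.1.6 [00:16:3E:AA:00:01]  0.655ms
Received 2 response(s)'
SAMPLE_TWO='ARPING 192.168.1.6 from 192.168.1.1 eth1
Unicast reply from 192.168.1.6 [00:16:3E:AA:00:01]  0.712ms
Unicast reply from 192.168.1.6 [00:16:3E:AA:00:02]  0.901ms
Received 2 response(s)'
SAMPLE_NONE='ARPING 192.168.1.6 from 192.168.1.1 eth1
Received 0 response(s)'

# Live use (not run here):
#   arping -c 3 -I eth1 192.168.1.6 | check_vip <active-node-MAC>
```

Run from the supposedly active server itself, the expected result is `silent`, since any reply means another machine is claiming the IP; run from another host on the same segment, the expected result is `ok`.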
