[squid-users] R: Re: [squid-users] Reverse proxy problem from Gianfranco Varone \[TIN\] on 2008-05-03 (squid-users)

From: Gianfranco Varone \[TIN\] <gfvarone@dont-contact.us>
Date: Sat, 3 May 2008 14:19:17 +0100 (GMT+01:00)

Cool, it works!!!!

Now Squid 2.6 stable 20 (on windows, thank you
Guido) runs really good.

Thanks thanks thanks!!!

Another question...
with squid i have to deliver 3 services:
1. proxy on port 8080 (it
works);
2. reverse proxy on port 10000 (and NOW it works);
But...if i
want to (third service) reverse another port on the same server?

Schema (always the same):
MOBILE USER -> internet -> Squid(DMZ) -> FW -
> Mail(LAN)
but...now services answers on port 8642

if i insert
http_port ipSquid:8642 accel vhost defaultsite=fqdnMailDomain:8642 ->
OK

but
cache_peer ipMail 8642 0 no-query originserver -> Fail! (double
cache_peer on the same server)

Thanks in advance/GfV
----Messaggio
originale----
Da: squid3@treenet.co.nz
Data: 2-mag-2008 1.50 PM
A:
"Gianfranco Varone [TIN]"<gfvarone@tin.it>
Cc: <squid-users@squid-cache.
org>
Ogg: Re: [squid-users] Reverse proxy problem

Gianfranco Varone
[TIN] wrote:
> Hi to all,
> firstable sorry for my english!!
>
> I'm
trying to configure
> reverse proxy with Squid version 2.6, to permit
users to connect to
> our mail server
>
> Schema as follow:
> USER -
> internet -> Squid(DMZ) -> FW
> -> Mail(LAN)
> Squid AND Mail answer
on tcp port 10000
>
> Squid.conf:
> http_port ipSquid:10000
vhost=ipMail:10000 vport=10000 accel

http_port ipSquid:10000 accel
vhost defaultsite=fqdnMailDomain:10000

> cache_peer ipMail 10000 0 no-
query originserver
> acl MailServer ipMail/32

acl MailServer dstdomain
fqdnMailDomain

> always_direct deny all !MailServer

No. Instead:

never_direct allow fqdnMailDomain
http_access allow fqdnMailDomain
cache_peer_access ipMail allow fqdnMailDomain
cache_peer_access deny
all

>
> So, if i try to connect to http:
> //ipProxy:10000/ i get the
login page, but every request automatically
> redirect to http:
//ipMail:10000 and i obviously get errors!

Prefer FQDN for public
mail.
Point FQDN for mail at ipSquid so clients can get to proxy.

NP:
no need for squid to listen on 10000, it can be anything. The
clients
never know the private link to mail and mail only knows squid is
connecting correctly.

>
> Using
> squid 2.5 instead it works
perfectly!
>
> Squid 2.5 conf:
> http_port 10000
> httpd_accel_host
192.168.0.8
> httpd_accel_port 10000
> httpd_accel_single_host on
>
httpd_accel_uses_host_header on
> httpd_accel_with_proxy on
>
> Where
i'm in wrong???
>
> Cheers/GfV

Amos

-- 
Please use Squid 2.6.STABLE20 
or 3.0.STABLE5

Received on Sat May 03 2008 - 13:19:25 MDT

This archive was generated by hypermail 2.2.0 : Tue May 13 2008 - 12:00:02 MDT