Re: [squid-users] Squid reverse proxy on DMZ

From: Chris Robertson <crobertson_at_gci.net>
Date: Thu, 10 Dec 2009 12:07:34 -0900

Cactus Co wrote:
> I have read in the wiki example of reverse proxy vhost and I have questions.
>
> Please, I am inexperienced in Squid and I'm trying to install it on my
> webserver in a DMZ running a reverse proxy, but does not work.
>
> In the outgoing Internet server and in DMZ webserver (apache2) there
> is a Debian Lenny with forwarding enabled.
> My doubts are if the line "cache_peer ip.of.webserver parent 80 0
> no-query originserver name = myAccel" where says "name = myAccel" I
> should put the server name that outgoing to Internet or name of the
> webserver in DMZ.
>

The name option to the cache_peer directive is just an internal label,
which you can use in cache_peer_access or cache_peer_domain directives.
The label itself is unimportant (as long as it is unique).

> Another question is if it's work: I have not installed and running a
> DNS server (bind9). Then, with only setting my ISP's nameservers in
> resolve.conf it work???
>

Assuming you meant to say that you HAVE installed Bind9, but it's not
resolving, some possibilities:
* You have not populated the root zone properly.
* You have not set a DNS forwarder.
* Firewall rules are preventing your Bind9 install from making queries.

> Another doubt is that the firewall (iptables) running on the Internet
> outgoing server I have forwarded (DNAT) requests to port 80 of the
> outgoing server to port 80 on the webserver in the DMZ.... This is
> okay????
>

As long as it works...

> Now I can not see the pages or from the LAN or from outside
> (internet) and I get a message:
> "Unable to forward this request at this time. This request could not
> be forwarded to the origin server or to any parent caches. The most
> likely cause for this error is that: The cache administrator does not
> allow this cache to make direct connections to origin servers, and All
> configured parent caches are currently unreachable".
>

...but it doesn't appear to. This error indicates that the Squid server
is not getting a response from the web server it is supposed to be
accelerating. There is not enough supplied data to point to a cause.

> Thanks in advance
> Cactus
>

Chris
Received on Thu Dec 10 2009 - 21:07:58 MST
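
The relationship between the name= label and cache_peer_access described in the reply above, as an added squid.conf fragment that is not part of the original thread. The host name www.example.com and the address 192.0.2.10 are placeholders, not values from the poster's setup.

```conf
# Added example, not from the original thread. Placeholder values (assumptions):
#   www.example.com  public site name
#   192.0.2.10       address where Apache answers, as seen from the Squid host

# Listen as an accelerator (reverse proxy) for the published site.
http_port 80 accel defaultsite=www.example.com vhost

# Origin server. name= is written as a single token (no spaces around "=");
# "myAccel" is only a label that the cache_peer_access lines below refer to.
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=myAccel

# Requests for the published site are the only ones accepted...
acl our_sites dstdomain www.example.com
http_access allow our_sites
http_access deny all

# ...and the only ones handed to the peer labelled myAccel.
cache_peer_access myAccel allow our_sites
cache_peer_access myAccel deny all
```

Running `squid -k parse` checks the file for syntax errors before Squid is restarted. The closing `http_access deny all` keeps the accelerator from answering requests for any other site.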
