Re: [squid-users] Re: Squid Reverse Proxy cannot open ports

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 17 Jul 2013 23:45:33 +1200

On 17/07/2013 11:31 p.m., jc.yin wrote:
> I have set the NAT to forward all requests to port 80 to the local server.
> Port 80 is also open to the outside world, you can check here:
>
> http://www.yougetsignal.com/tools/open-ports/
>
> IP : 85.0.72.123
> Port : 80
>
> If you try to access 85.0.72.123 you'll see that it points to Apache's
> default directory, however the directory it's point to is the local Squid
> server's own apache directory, not the real directory of the remote web
> server.
>
> So to recap,
>
> 1. I am forwarding port 80 to 192.168.1.45
> 2. IP 85.0.72.123 has port 80 open to the outside world
> 3. Accessing 85.0.72.123 brings you to the apache directory of 192.168.1.45
>
> The only problem is that in ifconfig, inet addr: 192.168.1.45 is still
> there.

No problem. 192.168.1.45 address is the internal (private) IP for the
system. That is the one Squid should be listening on.

The public DNS should point everyone out here on the Internet to contact
85.0.72.123 on port 80.

The NAT system should convert 85.0.72.123 to 192.168.1.45 on traffic
before it gets to Squid and things "just work".

NOTE: you will see many messages about Squid and NAT not playing nice
together and "NAT must be done on the same box". These only apply to the
interception-proxy traffic mode. Reverse-proxy such as you are setting
up do not face the same problems and yours should "just work".

Amos
Received on Wed Jul 17 2013 - 11:45:40 MDT

This archive was generated by hypermail 2.2.0 : Wed Jul 17 2013 - 12:00:19 MDT