Re: [squid-users] Re: Squid Reverse Proxy cannot open ports from Amos Jeffries on 2013-07-17 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 18 Jul 2013 03:05:39 +1200

On 18/07/2013 12:17 a.m., jc.yin.cn wrote:
> <quote author='Amos Jeffries-2'>
> On 17/07/2013 11:31 p.m., jc.yin wrote:
>> I have set the NAT to forward all requests to port 80 to the local server.
>> Port 80 is also open to the outside world, you can check here:
>>
>> http://www.yougetsignal.com/tools/open-ports/
>>
>> IP : 85.0.72.123
>> Port : 80
>>
>> If you try to access 85.0.72.123 you'll see that it points to Apache's
>> default directory, however the directory it's point to is the local Squid
>> server's own apache directory, not the real directory of the remote web
>> server.
>>
>> So to recap,
>>
>> 1. I am forwarding port 80 to 192.168.1.45
>> 2. IP 85.0.72.123 has port 80 open to the outside world
>> 3. Accessing 85.0.72.123 brings you to the apache directory of
>> 192.168.1.45
>>
>> The only problem is that in ifconfig, inet addr: 192.168.1.45 is still
>> there.
> No problem. 192.168.1.45 address is the internal (private) IP for the
> system. That is the one Squid should be listening on.
>
> The public DNS should point everyone out here on the Internet to contact
> 85.0.72.123 on port 80.
>
> The NAT system should convert 85.0.72.123 to 192.168.1.45 on traffic
> before it gets to Squid and things "just work".
>
>
> NOTE: you will see many messages about Squid and NAT not playing nice
> together and "NAT must be done on the same box". These only apply to the
> interception-proxy traffic mode. Reverse-proxy such as you are setting
> up do not face the same problems and yours should "just work".
>
>
> Amos
>
> </quote>
>
> Right, but the thing is that 85.0.72.123 (IP of Squid reverse proxy) should forward non-cached requests (which is all requests right now since nothing is cached) to this IP 37.139.5.102 (IP of Web server). However this isn't happening. Going to 85.0.72.123 doesn't get directed to 37.139.5.102

Nope. Traffic to 85.0.72.123 should be going via NAT to 192.168.1.45.
Then Squid should be receiving it at 192.168.1.45. Then Squid should be
passing requests to a cache_peer 37.139.5.102.

>
> In my Squid.conf file at the top I have this:
>
> cache_peer 37.139.5.102 parent 80 0 no-query originserver name=myAccell
>
>
> So with all the settings together that I have, shouldn't going to 85.0.72.123 forward to 37.139.5.102? Or I'm I still doing something wrong here.

For that to happen the requests have to be going through Squid. Are they?

Amos
Received on Wed Jul 17 2013 - 15:05:47 MDT

This archive was generated by hypermail 2.2.0 : Wed Jul 17 2013 - 12:00:19 MDT