Re: [squid-users] Reverse proxy problem

From: Amos Jeffries <squid3@dont-contact.us>
Date: Fri, 02 May 2008 23:50:37 +1200

Gianfranco Varone [TIN] wrote:
> Hi to all,
> firstable sorry for my english!!
>
> I'm trying to configure
> reverse proxy with Squid version 2.6, to permit users to connect to
> our mail server
>
> Schema as follow:
> USER -> internet -> Squid(DMZ) -> FW
> -> Mail(LAN)
> Squid AND Mail answer on tcp port 10000
>
> Squid.conf:
> http_port ipSquid:10000 vhost=ipMail:10000 vport=10000 accel

http_port ipSquid:10000 accel vhost defaultsite=fqdnMailDomain:10000

> cache_peer ipMail 10000 0 no-query originserver
> acl MailServer ipMail/32

acl MailServer dstdomain fqdnMailDomain

> always_direct deny all !MailServer

No. Instead:

never_direct allow fqdnMailDomain
http_access allow fqdnMailDomain
cache_peer_access ipMail allow fqdnMailDomain
cache_peer_access deny all

>
> So, if i try to connect to http:
> //ipProxy:10000/ i get the login page, but every request automatically
> redirect to http://ipMail:10000 and i obviously get errors!

Prefer FQDN for public mail.
Point FQDN for mail at ipSquid so clients can get to proxy.

NP: no need for squid to listen on 10000, it can be anything. The
clients never know the private link to mail and mail only knows squid is
connecting correctly.

>
> Using
> squid 2.5 instead it works perfectly!
>
> Squid 2.5 conf:
> http_port 10000
> httpd_accel_host 192.168.0.8
> httpd_accel_port 10000
> httpd_accel_single_host on
> httpd_accel_uses_host_header on
> httpd_accel_with_proxy on
>
> Where i'm in wrong???
>
> Cheers/GfV

Amos

-- 
Please use Squid 2.6.STABLE20 or 3.0.STABLE5
Received on Fri May 02 2008 - 11:49:59 MDT

This archive was generated by hypermail 2.2.0 : Tue May 13 2008 - 12:00:02 MDT