I have been working on this config for 4 straight days without success and need some help. What I am trying to configure is a DMZ server (with true public addresses) running Squid that acts as a front-end server to three separate Exchange OWA servers in private networks (all accessible behind the same firewall). Internet --- Firewall --- Squid Server (public with 3 IPs) | |---- Exch 1 (private) |---- Exch 2 (private) |---- Exch 3 (private) Squid (2.6 stable 17, running on CentOS 5) is configured to bind three public IPs on port 80, one for each internal server. Using the config excerpted below, I can open the public IP for each one and reach the proper private OWA server. BTW, resolution for internal IPs is handled correctly by Squid server "Hosts" file. The problem is that, instead of Squid handling the entire transaction and acting as a middleman, Squid receives the first request and then passes the client completely on to the internal server. For example, 1) open squid-pub1.domain.com/exchange; 2) receive the authentication pop-up for Exchange OWA (from squid-pub1 server) and provide credentials; 3) receive the authentication pop-up for Exchange OWA (from internal OWA server) and provide credentials; 4) browser loads internal OWA server 1 (address is now internal server name). When I am here on the network this works since I have access to both public and private network segments. Obviously, when outside on the public Internet this fails miserably since the internal addresses cannot be publicly routed. I need the Squid server to operate entirely as a middleman for this situation to work. Eventually, this will also be changed over to HTTPS and SSL, but for now, we need it running on port 80. I've dug through the FAQ, tried to find similar issues in the Archive, read all of the docs at ViSolve (they are from older versions anyway), and searched Google for hours. Any/all help would be appreciated. TIA, Michael Here are all active lines from the config file (names and IPs changed to protect the innocent): acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 443 # https acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports acl OWAip dst 10.xxx.xxx.xx ##internal server 1 acl OWAip2 dst 10.xxx.xxx.xx ##internal server 2 acl OWAip3 dst 192.xxx.xxx.x ##internal server 3 acl OWA dstdomain exch1.domain1.local ##internal exch OWA FQDN 1 acl OWA2 dstdomain exch2.domain2.com ##internal exch OWA FQDN 2 acl OWA3 dstdomain exch3.domain3.com ##internal exch OWA FQDN 3 http_access allow OWAip http_access allow OWAip2 http_access allow OWAip3 http_access deny all icp_access allow all miss_access allow OWAip miss_access allow OWAip2 miss_access allow OWAip3 miss_access deny all http_port 208.xxx.xxx.210:80 accel defaultsite=exch1.domain1.local ##pub/DMZ IP on port 80 to priv OWA via FQDN http_port 208.xxx.xxx.211:80 accel defaultsite=exch2.domain2.com ##pub/DMZ IP on port 80 to priv OWA via FQDN http_port 208.xxx.xxx.212:80 accel defaultsite=exch3.domain3.com ##pub/DMZ IP on port 80 to priv OWA via FQDN cache_peer 10.xxx.xxx.xx parent 80 0 no-query originserver login=PASS name=exch1 cache_peer 10.xxx.xxx.xx parent 80 0 no-query originserver login=PASS name=exch2 cache_peer 192.xxx.xxx.x parent 80 0 no-query originserver login=PASS name=exch3 cache_peer_access exch1 allow OWA cache_peer_access exch2 allow OWA2 cache_peer_access exch3 allow OWA3 never_direct allow OWAip never_direct allow OWAip2 never_direct allow OWAip3 hierarchy_stoplist cgi-bin ? access_log /usr/local/squid/var/logs/access.log squid acl QUERY urlpath_regex cgi-bin \? cache deny QUERY refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl apache rep_header Server ^Apache broken_vary_encoding allow apache coredump_dir /usr/local/squid/var/cache
