Gianfranco Varone [TIN] wrote:
Hi to all,
firstable sorry for my english!!
I'm trying to configure
reverse proxy with Squid version 2.6, to permit users to connect to
our mail server
Schema as follow:
USER -> internet -> Squid(DMZ) -> FW
-> Mail(LAN)
Squid AND Mail answer on tcp port 10000
Squid.conf:
http_port ipSquid:10000 vhost=ipMail:10000 vport=10000 accel
http_port ipSquid:10000 accel vhost defaultsite=fqdnMailDomain:10000
cache_peer ipMail 10000 0 no-query originserver
acl MailServer ipMail/32
acl MailServer dstdomain fqdnMailDomain
always_direct deny all !MailServer
No. Instead:
never_direct allow fqdnMailDomain
http_access allow fqdnMailDomain
cache_peer_access ipMail allow fqdnMailDomain
cache_peer_access deny all
So, if i try to connect to http:
//ipProxy:10000/ i get the login page, but every request automatically
redirect to http://ipMail:10000 and i obviously get errors!
Prefer FQDN for public mail.
Point FQDN for mail at ipSquid so clients can get to proxy.
NP: no need for squid to listen on 10000, it can be anything. The
clients never know the private link to mail and mail only knows squid is
connecting correctly.
Using
squid 2.5 instead it works perfectly!
Squid 2.5 conf:
http_port 10000
httpd_accel_host 192.168.0.8
httpd_accel_port 10000
httpd_accel_single_host on
httpd_accel_uses_host_header on
httpd_accel_with_proxy on
Where i'm in wrong???
Cheers/GfV
Amos
--
Please use Squid 2.6.STABLE20 or 3.0.STABLE5
