Re: R: Re: [squid-users] Reverse proxy problem

[Amos Jeffries <squid3@xxxxxxxxxxxxx>]

Gianfranco Varone [TIN] wrote:
> Cool, it works!!!!
>
> Now Squid 2.6 stable 20 (on windows, thank you 
> Guido) runs really good. 
>
> Thanks thanks thanks!!!
>
> Another question...
> with squid i have to deliver 3 services:
> 1. proxy on port 8080 (it 
> works);
> 2. reverse proxy on port 10000 (and NOW it works);
> But...if i 
> want to (third service) reverse another port on the same server?
>
> Schema (always the same):
> MOBILE USER -> internet -> Squid(DMZ) -> FW -
> > Mail(LAN)
> but...now services answers on port 8642
>
> if i insert 
> http_port ipSquid:8642 accel vhost defaultsite=fqdnMailDomain:8642 -> 
> OK
>
> but
> cache_peer ipMail 8642 0 no-query originserver -> Fail! (double 
> cache_peer on the same server)

cache_peer ipMail parent 10000  ...  name=mail
cache_peer ipMail parent 8642 ...  name=mobile

.. also need to change cache_peer_access from refering to ipMail to 
refer to mail or mobile instead.

for example:

 never_direct allow fqdnMailDomain
 http_access allow fqdnMailDomain

 cache_peer_access mail allow fqdnMailDomain
 cache_peer_access mail deny all

 cache_peer_access mobile allow fqdnMailDomain
 cache_peer_access mobile deny all

Amos

> Thanks in advance/GfV
> ----Messaggio 
> originale----
> Da: squid3@xxxxxxxxxxxxx
> Data: 2-mag-2008 1.50 PM
> A: 
> "Gianfranco Varone [TIN]"<gfvarone@xxxxxx>
> Cc: <squid-users@squid-cache.
> org>
> Ogg: Re:  Reverse proxy problem
>
> Gianfranco Varone 
> [TIN] wrote:
> > Hi to all, 
> > firstable sorry for my english!!
> >
> > I'm 
> trying to configure 
> > reverse proxy with Squid version 2.6, to permit 
> users to connect  to 
> > our mail server
> >
> > Schema as follow:
> > USER -
> > internet -> Squid(DMZ) -> FW 
> > -> Mail(LAN)
> > Squid AND Mail answer 
> on tcp port 10000
> > Squid.conf:
> > http_port ipSquid:10000 
> vhost=ipMail:10000 vport=10000 accel
>
> http_port ipSquid:10000 accel 
> vhost defaultsite=fqdnMailDomain:10000
>
> > cache_peer ipMail 10000 0 no-
> query originserver
> > acl MailServer ipMail/32
>
> acl MailServer dstdomain 
> fqdnMailDomain
>
> > always_direct deny all !MailServer
>
> No. Instead:
>
> never_direct allow fqdnMailDomain
> http_access allow fqdnMailDomain
> cache_peer_access ipMail allow fqdnMailDomain
> cache_peer_access deny 
> all
>
> > So, if i try to connect to http:
> > //ipProxy:10000/ i get the 
> login page, but every request automatically 
> > redirect to http:
> //ipMail:10000 and i obviously get errors!
>
> Prefer FQDN for public 
> mail.
> Point FQDN for mail at ipSquid so clients can get to proxy.
>
> NP: 
> no need for squid to listen on 10000, it can be anything. The 
> clients 
> never know the private link to mail and mail only knows squid is 
> connecting correctly.
>
> > Using 
> > squid 2.5 instead it works 
> perfectly!
> > Squid 2.5 conf:
> > http_port 10000
> > httpd_accel_host 
> 192.168.0.8
> > httpd_accel_port 10000
> > httpd_accel_single_host on
> httpd_accel_uses_host_header on
> > httpd_accel_with_proxy on
> >
> > Where 
> i'm in wrong???
> > Cheers/GfV
>
> Amos


--
Please use Squid 2.6.STABLE20 or 3.0.STABLE5