RE: Squid + LVS - tunneling

To: pmueller@xxxxxxxxxxxx
Subject: RE: Squid + LVS - tunneling
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Elías <esandoval@xxxxxxx>
Date: 28 Nov 2002 10:09:57 +0100

Hi Peter. Thank you for your help.

I haven't installed the Apache web server on this Linux box (it's on another
box). So, about the netstat command, the result is
-------------------------
oldprox3:/usr/local/squid/etc# netstat -anp | grep LISTEN | more
tcp        0      0 142.10.1.94:8080        0.0.0.0:*               LISTEN      8834/(squid)
tcp        0      0 142.10.1.93:8080        0.0.0.0:*               LISTEN      8834/(squid)
---------------------------------
Perhaps I must write an iptables rule in order to redirect port 8080 to
8834? So, if I've written this port and IP in squid.conf, I think it must
work, mustn't it? Here are the first lines of squid.conf:
---------------------------------------------
oldprox3:/usr/local/squid/etc# cat squid.conf|more
http_port 142.10.1.93:8080
http_port 142.10.1.94:8080

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 8 MB
maximum_object_size 1024 KB
ipcache_size 20000
fqdncache_size 8000

cache_dir ufs /usr/local/squid/cache 100 16 256
cache_access_log /usr/local/squid/logs/access.log
cache_log /usr/local/squid/logs/cache.log
cache_store_log none

emulate_httpd_log on

reference_age 2 weeks

quick_abort_min 0

negative_ttl 1 minutes
negative_dns_ttl 1 minutes

half_closed_clients off

half_closed_clients off

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563 1339 3000 8000-8009 8080 8083 8090 8093
acl Safe_ports port 80 81 82 83 99 100 # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 389         # Ldap
acl Safe_ports port 709         # Ldap fnmt
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
.........
.........
.........

------------------------------------------




On Wed, 27-11-2002 at 22:00, Peter Mueller wrote:
> Hi Elias,
> 
> > I don't understand about your answer "Setup LVS-tun with httpd on the
> > squid box and does LVS work to it?". I've configured only the dev tunl0
> > in the squid box. My ifconfig -a in the squid box is
> 
> I just meant, if you have apache instead of squid on port 8080 does it work?
> 
> > Squid box
> > 
> > oldprox3:/usr/local/squid/etc# tcpdump -n port 8080 -i tunl0
> > tcpdump: listening on tunl0
> > 08:20:44.134919 142.10.0.245.33312 > 142.10.1.93.8080: S
> > 2922199777:2922199777(0) win 5840 <mss 1460,sackOK,timestamp 6737970
> > 0,nop,wscale 0> (DF)
> > 08:20:47.126799 142.10.0.245.33312 > 142.10.1.93.8080: S
> > 2922199777:2922199777(0) win 5840 <mss 1460,sackOK,timestamp 6738270
> > 0,nop,wscale 0> (DF)
> > 08:20:53.127056 142.10.0.245.33312 > 142.10.1.93.8080: S
> > 2922199777:2922199777(0) win 5840 <mss 1460,sackOK,timestamp 6738870
> > 0,nop,wscale 0> (DF)
> > 08:21:05.127541 142.10.0.245.33312 > 142.10.1.93.8080: S
> > 2922199777:2922199777(0) win 5840 <mss 1460,sackOK,timestamp 6740070
> > 0,nop,wscale 0> (DF)
> 
> this looks good, at least syns are getting in.
> 
> > I've put in squid.conf http_conf 142.10.1.93:8080
> 
> netstat -anp | grep LISTEN | grep squid shows squid listening on
> 142.10.1.93:8080?
> 
> can you post your squid.conf?
> 
> P
> 