lvs + squid + squidguard

To:	<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	lvs + squid + squidguard
From:	"Tony Spencer" <tony@xxxxxxxxxxxxxxxxxx>
Date:	Thu, 13 Oct 2005 13:13:00 +0100

I’m after a bit of help and advice regarding a couple of issues I have that
I’ve not been able to resolve over the past few days.

Basically I’ve got an LVS running on Redhat 7.3 doing load balancing for 2
backend servers.
I want to be able to run squid, squidguard and also have some web content on
the 2 backend servers.
This presents a couple of issues, first off here is how my setup is:



             __________        eth0   - real world IP
            |          |       eth0:1 - real world IP (vip)
            |    LVS   |---|   eth1   - 192.168.0.1
            |__________|   |   eth1:1 - 192.168.0.254 (nat router IP)
                           |
                           |
          ------------------
          |                |                 
          |                |                 
 RIP1=192.168.0.2  RIP2=192.168.0.3 (all on eth0 - GW 192.168.0.254)
   _____________     _____________    
  |             |   |             |   
  | real-server |   | real-server |  
  |_____________|   |_____________|   

The real servers are running squid on port 3128 and http on port 80.

My first problem is although squid works fine and brings content and serves
it to a web browser.
It fails if squid is trying to serve a page that is local, that is if the
page is on a web site that resolves back to the VIP.
Squid and http are both using the same VIP, I believe it maybe a routing
issue as the request comes into squid on port (vip):3128 and is then asked
to bring a web page on (vip):80. Although I'm not 100% sure.

My second problem is to do with squidguard and blocking sites.
Although maybe the fix to my first problem will fix my second one.
However if anyone is successfully running the same sort of setup as I am I
would be interested to know if the same problem was seen by them and how it
was overcome.

With regards squidguard:
It just doesn't seem to work correctly it doesn't block the domains that it
should as soon as it's behind the LVS in a load balanced cluster.
If I take the squid/squidguard server from behind the LVS and put it on a
real world IP directly into our router it all works and blocks content by
redirecting the blocked request to a page informing the request was blocked.

As soon as I put the server back into the cluster it all fails again.
I don't understand how it could be to do with the LVS or the load balancing
but I can't think of any other reason.

Thanks in advance

Tony


-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.11.14/131 - Release Date: 12/10/2005

<Prev in Thread]	Current Thread	[Next in Thread>
lvs + squid + squidguard, Tony Spencer <= Re: lvs + squid + squidguard, Joseph Mack NA3T RE: lvs + squid + squidguard, Tony Spencer RE: lvs + squid + squidguard, Joseph Mack NA3T RE: lvs + squid + squidguard, Tony Spencer RE: lvs + squid + squidguard, Joseph Mack NA3T RE: lvs + squid + squidguard, Tony Spencer Re: lvs + squid + squidguard, Horms RE: lvs + squid + squidguard - Fixed, Tony Spencer Re: lvs + squid + squidguard, Graeme Fowler RE: lvs + squid + squidguard, Tony Spencer

Previous by Date:	RE: OutPkts stay at 0, Keijser, L.S
Next by Date:	Re: lvs + squid + squidguard, Joseph Mack NA3T
Previous by Thread:	OutPkts stay at 0, Keijser, L.S
Next by Thread:	Re: lvs + squid + squidguard, Joseph Mack NA3T
Indexes:	[Date] [Thread] [Top] [All Lists]