LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: lvs + squid + squidguard

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: lvs + squid + squidguard
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Thu, 13 Oct 2005 05:36:18 -0700 (PDT)
On Thu, 13 Oct 2005, Tony Spencer wrote:

It fails if squid is trying to serve a page that is local, that is if the
page is on a web site that resolves back to the VIP.

you need to do special things to get the realservers to be a client in an LVS.

http://www.austintek.com/LVS/LVS-HOWTO/mini-HOWTO/LVS-mini-HOWTO.html#gotchas

With regards squidguard:
It just doesn't seem to work correctly it doesn't block the domains that it
should as soon as it's behind the LVS in a load balanced cluster.
If I take the squid/squidguard server from behind the LVS and put it on a
real world IP directly into our router it all works and blocks content by
redirecting the blocked request to a page informing the request was blocked.

As soon as I put the server back into the cluster it all fails again.
I don't understand how it could be to do with the LVS or the load balancing
but I can't think of any other reason.

I think you have an LVS-NAT setup. The destination IPs are rewritten to the RIPs in LVS-NAT. Are your rules for the RIP
rather than the VIP?

Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml Homepage http://www.austintek.com/ It's GNU/Linux!

<Prev in Thread] Current Thread [Next in Thread>