On Thu, 13 Oct 2005, Tony Spencer wrote:
It fails if squid is trying to serve a page that is local, that is if the
page is on a web site that resolves back to the VIP.
you need to do special things to get the realservers to be a
client in an LVS.
http://www.austintek.com/LVS/LVS-HOWTO/mini-HOWTO/LVS-mini-HOWTO.html#gotchas
With regards squidguard:
It just doesn't seem to work correctly it doesn't block the domains that it
should as soon as it's behind the LVS in a load balanced cluster.
If I take the squid/squidguard server from behind the LVS and put it on a
real world IP directly into our router it all works and blocks content by
redirecting the blocked request to a page informing the request was blocked.
As soon as I put the server back into the cluster it all fails again.
I don't understand how it could be to do with the LVS or the load balancing
but I can't think of any other reason.
I think you have an LVS-NAT setup. The destination IPs are
rewritten to the RIPs in LVS-NAT. Are your rules for the RIP
rather than the VIP?
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
|