RE: lvs + squid + squidguard

To:	"'LinuxVirtualServer.org users mailing list.'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	RE: lvs + squid + squidguard
From:	"Tony Spencer" <tony@xxxxxxxxxxxxxxxxxx>
Date:	Thu, 13 Oct 2005 13:55:40 +0100

Hi Joe

Thanks for the reply.
First problem is now solved.
I added an iptables rule so any web requests locally to the VIP are
rewritten to the local server on port 80.

You are correct that I'm running LVS-NAT.
I'm a little lost on your reply though.
Are you speaking about the SquidGuard rules or the LVS rules??

Tony

-----Original Message-----
From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Joseph Mack
NA3T
Sent: 13 October 2005 13:36
To: LinuxVirtualServer.org users mailing list.
Subject: Re: lvs + squid + squidguard

On Thu, 13 Oct 2005, Tony Spencer wrote:

> It fails if squid is trying to serve a page that is local, that is if the
> page is on a web site that resolves back to the VIP.

you need to do special things to get the realservers to be a 
client in an LVS.

http://www.austintek.com/LVS/LVS-HOWTO/mini-HOWTO/LVS-mini-HOWTO.html#gotcha
s

> With regards squidguard:
> It just doesn't seem to work correctly it doesn't block the domains that
it
> should as soon as it's behind the LVS in a load balanced cluster.
> If I take the squid/squidguard server from behind the LVS and put it on a
> real world IP directly into our router it all works and blocks content by
> redirecting the blocked request to a page informing the request was
blocked.
>
> As soon as I put the server back into the cluster it all fails again.
> I don't understand how it could be to do with the LVS or the load
balancing
> but I can't think of any other reason.

I think you have an LVS-NAT setup. The destination IPs are 
rewritten to the RIPs in LVS-NAT. Are your rules for the RIP
rather than the VIP?

Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml 
Homepage http://www.austintek.com/ It's GNU/Linux!

-- 
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.11.14/131 - Release Date: 12/10/2005
 

-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.11.14/131 - Release Date: 12/10/2005

<Prev in Thread]	Current Thread	[Next in Thread>
lvs + squid + squidguard, Tony Spencer Re: lvs + squid + squidguard, Joseph Mack NA3T RE: lvs + squid + squidguard, Tony Spencer <= RE: lvs + squid + squidguard, Joseph Mack NA3T RE: lvs + squid + squidguard, Tony Spencer RE: lvs + squid + squidguard, Joseph Mack NA3T RE: lvs + squid + squidguard, Tony Spencer Re: lvs + squid + squidguard, Horms RE: lvs + squid + squidguard - Fixed, Tony Spencer Re: lvs + squid + squidguard, Graeme Fowler RE: lvs + squid + squidguard, Tony Spencer

Previous by Date:	Re: OutPkts stay at 0, Luca Maranzano
Next by Date:	RE: OutPkts stay at 0, Keijser, L.S
Previous by Thread:	Re: lvs + squid + squidguard, Joseph Mack NA3T
Next by Thread:	RE: lvs + squid + squidguard, Joseph Mack NA3T
Indexes:	[Date] [Thread] [Top] [All Lists]