LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: lvs + squid + squidguard

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: lvs + squid + squidguard
From: Horms <horms@xxxxxxxxxxxx>
Date: Fri, 14 Oct 2005 10:47:53 +0900
On Thu, Oct 13, 2005 at 04:00:30PM +0100, Tony Spencer wrote:

[snip, snip, snip,...]

> > > You are correct that I'm running LVS-NAT.
> > > I'm a little lost on your reply though.
> > > Are you speaking about the SquidGuard rules or the LVS rules??
> > 
> > SquidGuard. It's just a guess.
> 
> SquidGuard has no IP rules.
> It just blocks certain domains/urls listed in a db file.

All that LVS-NAT should be doing is changing the destination IP address
in the IP header of the packet from the VIP to the appropriate RIP. It
does not mangle the data section of the packet.

I guess Squidgaurd must be using the IP address that
a connection is made to as part of its test somewhere.

Perhaps its as simple as telling squidguard to act on 
connections to the RIP instead of (or as well as if you like)
the VIP. But I am really just guessing at this point.

-- 
Horms

<Prev in Thread] Current Thread [Next in Thread>