On Thu, Oct 13, 2005 at 04:00:30PM +0100, Tony Spencer wrote:
[snip, snip, snip,...]
> > > You are correct that I'm running LVS-NAT.
> > > I'm a little lost on your reply though.
> > > Are you speaking about the SquidGuard rules or the LVS rules??
> >
> > SquidGuard. It's just a guess.
>
> SquidGuard has no IP rules.
> It just blocks certain domains/urls listed in a db file.
All that LVS-NAT should be doing is changing the destination IP address
in the IP header of the packet from the VIP to the appropriate RIP. It
does not mangle the data section of the packet.
I guess Squidgaurd must be using the IP address that
a connection is made to as part of its test somewhere.
Perhaps its as simple as telling squidguard to act on
connections to the RIP instead of (or as well as if you like)
the VIP. But I am really just guessing at this point.
--
Horms
|