Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi all,
I am having two Internet connections at my office.They are from two different ISPs.The links from the ISP are terminating at two different machines.
I have set squid on both of these and the internet is distributed in LAN through squid.Two machines have different LAN IPs ,but in the same class....
Suppose 192.168.0.1 and 192.168.0.2
By default all the trafic is passing through 192.168.0.1
192.168.0.2 is used for some other testing purposes.
But if the link of 192.168.0.1 is down I manually shift the connections to 192.168.0.2. To do so I have to change the settings in all the clients in the LAN one by one.
So I would like to set up an HA environment... ie,if the link terminating at 192.168.0.1 goes down ,all the traffic should be redirected to 192.168.0.2:3128 .Is it possible ?
Can anyone help me ? Did anyone think of it ?
yeah it's totally possible, just using a bog standard heartbeat. check linux-ha.org for info.
in your situation though i'd *VERY* strongly suggest just using a central proxy.pac file and return both squid addresses. the proxy.pac rules say that if two caches are given equally a browser will use the first one that works. that's instant resilience without any heartbeat crap.
May I also suggest load balancing with round-robin DNS A records...?
I'd love to try that myself if I had two links like you do...
Cheers
I wouldn't do this as i'd assume that once the browser does the lookup for the proxy it's stuck with it. it'll load balance, but not provide resilience. could be wrong, and it'd also be totally down to the browser when it wants to reconnect to a proxy and whether a lookup is done or not.
You're right about not being fault-tolerant...
But the load balance could work if you'd set the ttl for A records of both proxy servers to a low value, like 1 minute... The client cached A record would be discarded after that time and a new lookup would be performed.
Anyway, I guess I got carried away with the two links thingy and went off-topic; sorry 'bout that...
thank you all,
But i don't know how to define two proxy servers in proxy.pac
And after all I am willing to give direct connection for some machines in LAN.Currently it is done by FORWARD in IPTABLES. How can I do it along with this proxy setup..?
I have done some access controls .
But for those who are enjoying direct connection no limit for the access.
So should I set separate ACLs for them ....?
Or should I bring them into a separate IP range and then allow DIRECT ....... ?
I decided to define ACL on IP address basis and to allow yhem full access...
But I need help in configuring proxy.pac
Please help.......................
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.