LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 06-12-2010, 04:55 AM   #1
Mustafa Ismail Mustafa
Member
 
Registered: Nov 2009
Location: Amman, Jordan
Distribution: Ubuntu 10.04, CentOS 5.5, FreeBSD 7.2, Debian Squeeze, PC-BSD 8
Posts: 44

Rep: Reputation: 0
Squid as a reverse proxy, acl problems


OK, bear with me, because the explanation will drone for a bit. I have looked at other posts, but they don't really answer my question.

I have a network that is mostly Windows based, but with several Linux & BSD stations and essentially all our servers are CentOS 5.3 with some other network based knick-knacks.

Now, we have only one static IP to the internet but subdomains galore.

Our firewall is PFsense (which rocks the socks off of anything else I've tried and I've been around that block a few times)

Now, what I'd like is to be able to route requests to different based on the URL, hence the use of squid as a reverse proxy.

[diagram]


(Servers)

(192.168.3.99)
Surveillance/DVR -----------------------
(192.168.3.5) |
Web ------------------------------- PFsense ---------------------------- WAN (Single IP)
(Squid enabled)
(192.168.2.1) |
Email (OWA) ---------------------------|

.
.
.


Of course, the LAN is larger than that, but it gives you the idea. The subnets in range are 192.168.0.0/24-192.168.5.0/24 with all intervening subnets being /24.


Now, I'd like to set it up so that someone from outside the firewall would navigate to surveillane.mydomain.com (which externally resolves correctly to our IP address) and then gets routed by squid to the surveillance server. OF course, this same has to apply both internally and externally (LAN & WAN).


I've tried several acl combinations, but I may be really thick, but I can't figure out what I'm doing wrong.

My current acl structure is:

Code:
acl camera dstdomain surveillance.netvareas.local
acl surveillance dst 192.168.3.5
http_access allow camera AND surveillance
I appreciate the help.
 
Old 06-12-2010, 07:29 PM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
[ caveat: I regularly work with squid http proxy, and with reverse proxy servers, but I've not worked with squid in a reverse proxy configuration. ]

In reviewing the squid docs, that doesn't look quite right to me. Please read:
http://wiki.squid-cache.org/SquidFaq/ReverseProxy
 
  


Reply

Tags
acl, squid


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Squid 2.6 Reverse Proxy from Squid(3128) to OrginServer(80) Not working rraj Linux - Server 0 06-06-2008 02:29 PM
Squid Proxy Server - Cannot Add ACL tzh Linux - Software 1 08-03-2007 01:52 AM
Squid as Reverse Proxy and LAN proxy? zivota Linux - Security 2 02-26-2007 05:00 PM
I want to by pass my proxy server's ACL i.e squid aTkAl^^PiTcHu Linux - Software 4 09-06-2006 02:16 PM
acl with hostname in squid proxy jomy Linux - Networking 1 11-20-2004 08:26 AM


All times are GMT -5. The time now is 01:54 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration