Mustafa Ismail Mustafa 06-12-2010 04:55 AM

Squid as a reverse proxy, acl problems
OK, bear with me, because the explanation will drone for a bit. I have looked at other posts, but they don't really answer my question.

I have a network that is mostly Windows based, but with several Linux & BSD stations and essentially all our servers are CentOS 5.3 with some other network based knick-knacks.

Now, we have only one static IP to the internet but subdomains galore.

Our firewall is PFsense (which rocks the socks off of anything else I've tried, and I've been around that block a few times).

Now, what I'd like is to be able to route requests to different based on the URL, hence the use of squid as a reverse proxy.



Surveillance/DVR ---|
                    |
Web ----------------+--- PFsense (Squid enabled) --- WAN (Single IP)
                    |
Email (OWA) --------|


Of course, the LAN is larger than that, but it gives you the idea. The subnets in range are with all intervening subnets being /24.

Now, I'd like to set it up so that someone from outside the firewall would navigate to (which externally resolves correctly to our IP address) and then gets routed by squid to the surveillance server. Of course, this same has to apply both internally and externally (LAN & WAN).

I've tried several acl combinations, but I may be really thick, but I can't figure out what I'm doing wrong.

My current acl structure is:


acl camera dstdomain surveillance.netvareas.local
acl surveillance dst
http_access allow camera AND surveillance

I appreciate the help.
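
An added example, not part of the original thread: a minimal Squid accelerator (reverse proxy) layout for the host-based routing described in the post above, HTTP only. The peer addresses (192.0.2.x documentation range) and www.example.net are placeholders; only surveillance.netvareas.local comes from the post.

```conf
# Accept requests as an accelerator and route on the Host header.
# defaultsite is used when a client sends no Host header (placeholder name).
http_port 80 accel vhost defaultsite=www.example.net

# One origin server per backend. Addresses are placeholders.
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=dvr
cache_peer 192.0.2.20 parent 80 0 no-query originserver name=web

# Match on the requested hostname.
acl camera  dstdomain surveillance.netvareas.local
acl website dstdomain www.example.net

# Bind each hostname to exactly one backend.
cache_peer_access dvr allow camera
cache_peer_access dvr deny all
cache_peer_access web allow website
cache_peer_access web deny all

# ACL names on one http_access line are ANDed and separate lines are ORed.
# There is no AND keyword, so each permitted site gets its own allow line.
http_access allow camera
http_access allow website

# Anything not explicitly published is refused, so the listener cannot be
# used as an open forward proxy from the WAN side.
http_access deny all

# Never fetch directly from the requested URL; always go through a cache_peer.
never_direct allow all
```

Running `squid -k parse` against the file reports syntax errors before the configuration is loaded.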

anomie 06-12-2010 07:29 PM

[ caveat: I regularly work with squid http proxy, and with reverse proxy servers, but I've not worked with squid in a reverse proxy configuration. ]

In reviewing the squid docs, that doesn't look quite right to me. Please read:

