We are a group of students working on Linux virtualserver (LVS) project.We want to implement Squid services through LVS.We had implemented already Mailservers through LVS.We are facing some problems on configuring LVS with squid.Kindly spare some time to solve our problem:
We are using LVS with two ethernet cards( eth0 ,eth1) and two Realservers (working as squids ) having one ethernet card each. We are using two networks .One with LVS eth0 and clients side .And other with
LVS eth1 and realservers side.We are giving an example:-

LVS---------------10.11.150.1 eth0 ( Clients side interface )
LVS---------------10.11.151.99 eth1 (realservers side interface)
Realserver1-----10.11.151.98 eth0 (squid server)
Realserver2------10.11.151.97 eth0 (squid server)
Client side--------10.11.150.23 eth0
The default gateway of both Realservers is 10.11.151.99 (i.e. LVS eth1). Without LVS Squid is working fine.With LVS if we Schedule the clients
http requests to be forwarded to any Realserver(squid).Then how the squid server will contact to some webserver (e.g. yahoo.com) to fulfill clients request as there is only one ethernet card in squid machine ( which is already connected to LVS).
thanku

You can setup your squid servers like gateways to the Internet, requiring another NIC in each of realservers.

You can also let your realservers have only 1 NIC each, either by letting the realservers reach Internet on that same IP and their default gateway setting.

You can also setup their NIC's to have another IP address as well but on another IP network. This way requests to squid and requset to Internet will use the same physical network (cable), but another logical network (IP network).

The way to go depends on what you want to accomplish, speed, redundancy, low cost?

thanks for quick response sir
We want to use only one ethernet card for Squid realserver.As u suggested we had assigned already two IP address to one ethernet card and both are on different network.Taking the same example-we had assigned IP addresses to squid realserver as 10.11.150.82 and 10.11.151.99.Now as per concept of LVS we had schedule the clients internet requests to goto Squid through LVS.Now as Squid itself cannot serve internet requests.the squid has to goto some webserver (like yahoo.com) to fullfill clients requests.We had configured the squid machine(10.11.150.82) such that it should contact ISP (e.g. 192.168.0.2) for internet requests.Now to contact ISP the squid is having only one path i.e. through LVS. How is it possible for squid to goto internet through so many networks.Someone suggested us to add some iptables rules so that the squid requests can goto internet through LVS.Please refer to earlier example to clarify our problem

Well, there are no upper limit (ok, as for routing and ttl there are) to the number of networks a request can travel before reaching it's destination. Actually most requests travel across 10+ networks before reaching it's destination.

It all comes down to routing. Next hop towards the destination is decided upon looking at the current routing table. If no explicit route exist, then the packet is forwarded to the default gateway (gw) set for that host.

To make it possible for your squid servers to fulfill the clients web requests, then you will have to setup a proper default gw (beeing the IP of LVS eth1.
Configure your LVS to forward the packets from squid and set the right routing on them.

Sir, We are new to this routing field .So please guide us how to solve the problem

We searched on different websites as to how to route the squid requests to internet for fulfilling the clients requests.We think that we have to add only one line using iptables but we tried different combination of iptables but in vain.Can u please tell us what exactly we should add for forwarding clients requests to internet.We had tried the following:
#iptables -A FORWARD -s 10.11.150.82 -d 10.11.150.24

where source -s address is the First IP address of squid and destination address -d is IP address of LVS.Please see that the Squid is having one ethernet card and two IP addresses (Both on different networks).Out of these two IP addresses one IP address (10.11.150.82) is set in the /etc/squid/squid.conf to work as squid and other IP address( 10.11.151.99) is connected to LVS eth1.Both squid IPs having their default gateway as 10.11.151.98( i.e.IP address of LVS eth1).

#iptables -A FORWARD -s 10.11.150.24 -d 192.168.0.2
The First iptables command forwards packets from squid to LVS and Second command from LVS to internet.But still we are not able to connect to internet from client machine.

You do not have to add an iptables rule just to 'redirect' web requests to the Internet. This work is done by the route selection, which every packet goes through.
To make squid able to reach Internet you will have to make sure that the defaulkt GW on realservers are set to the eth1 ip of the corresponding LVM machine. This will work rigt away, unless you have some iptables rules prohibiting http traffic. This could be a specific rule, or the policy of a chain.

To be able to give more useful help in this case, we will benefit from some more info, like how are your iptables rules set? which of the hosts has the Internet connection? How do you redirect traffic to squid, by manual proxy or transparent proxy?

sir, One thing we want to know that we had read on the internet that the Squid transparent proxy is incompatible with LVS.but normal squid works fine with LVS.

Is this meant that we cannot make Squid with LVS. Is there any specific difference between the Squid and Squid Transparent proxy.OR both are same.

If transparency is incompatible with LVS then you will probably have to configure all of your clients to use your squid server as their proxy.

I'm not familiar with LVS at all, but will check around a bit.

I have now read a bit about LVS and start to see what you are trying to accomplish.
As I understand it the LVS system is designed for server functions where you distribute data, like http, ftp, mail etc.
I can see the educational value of this setup, but squid it self has the ability to interact directly between several squid servers setup within a company, using both hierarchical and peer to peer designs.

To solve this problem I would still suggest 2 NICs in the realservers, or else the load balancing LVS servers would be a bottleneck and destroy the benefit of loadbalancing.