RE: [squid-users] transparently redirect traffic to the Squid wit h L4-7 switch

From: Hicks, Rick <[email protected]>
Date: Thu, 24 Oct 2002 17:02:48 -0600

Thanks Joe. So what should our webswitch do with the packet then ? should we
still redirect packets to port 3128 or perhaps 80 ?

Any idea how to do this with iptables or in RedHat 7.2 vs the example with
ipchains below, perhaps netfilter on 7.2 ?

Rick Hicks
Senior LAN/WAN Administrator
Stantec
Ph: (780) 917-7233
Fx: (780) 917-7349
rhicks@stantec.com
www.stantec.com
The content of this email is the confidential property of Stantec and should
not be copied, modified, retransmitted, or used for any other purpose except
with Stantec's written authorization. If you are not the intended recipient,
please delete all copies and notify us immediately.

-----Original Message-----
From: Joe Cooper [mailto:joe@swelltech.com]
Sent: October 24, 2002 5:01 PM
To: Hicks, Rick
Cc: 'squid-users@squid-cache.org'
Subject: Re: [squid-users] transparently redirect traffic to the Squid with
L4-7 switch

Hicks, Rick wrote:
> Hi working an Alteon L4-7 webswitch to transparently redirect traffic to
the
> Squid. We are running Squid on RedHat 7.2. We found examples in the
> docs(http://squid.visolve.com/faq.htm) on how to do this but all the
> examples use ipchains, 7.2 uses iptables. This is what we have done:
>
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
>
> The part that we can not figure it is how to do this with iptables ? or
> should we even have to do anything since our Alteon is redirecting all
port
> 80 requests to port 3128 on the Squid - it does not seem to work however
but
> we can see the requests are coming into the Squid box.
>
> ipchains -A input -j REDIRECT 3128 -p tcp -s <Your Network Address> -d
> 0.0.0.0/0 80 (do we need to do this at all, with iptables obviously on
7.2)

Yes, you still need local port redirection. The packet redirection at
the L4/L7 can't do it for you--even if you alter it to send to port 3128.

-- 
Joe Cooper <joe@swelltech.com>
Web caching appliances and support.
http://www.swelltech.com
Received on Thu Oct 24 2002 - 17:04:11 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:54 MST