LVS, squid and Transparent Proxy

LVS, squid and Transparent Proxy

Post by Jim Tutt » Sat, 13 Jul 2002 05:30:59



I will explain my situation. I have 2 squid machines running
squidGuard. I have one LVS director, passing HTTP traffic to the squid
machines.

The squid machines are RH 7.2, and the Director is kernel 2.4.18.

My ultimate goal is to set up transparency between my clients and the
squid machines. In order to do this, I need to use a route-map on my
Cisco Catalyst 6509 and on my 3640. When I do not have the route-map
point to the Virtual IP of the LVS server,and point it directly to an
IP of a squid machine, the transparency works great. When I point it
to the Virtual IP of the LVS director, my clients never see a web
page. When I statically place the Virtual IP of the director in my
browser, I can resolve web pages and everything works great. BUT, that
is not a transparent solution.

I was wondering if you could shed some light on this issue. Have you
encountered this problem before? Would you mind explaining to me how
your set up is?

I appreciate any attention you'll give this matter.

 
 
 

1. Ipchains firewall and transparent/interception squid proxy question

heres what I have.  My linux box assignes ip's to my network clients,
it then intercepts any internet traffic and routes it to the correct
place through a squid proxy.  It does this without any proxy setting,
so basicaly any 95/98/ME machine can plug in and go with no settings
and use the browser, chat programs, ping or whatever.  This is working
well, except that when I use ssh o connect to the linux box from
within my network its really slow.  I think the connection is being
routed through the proxy.  Does anyone know how to tell it to route
everything but port 22?  Heres my firewall rules if it helps.  Thanks
in advance for any help you can give me!

             -Todd

#!/bin/sh
ipchains -F
ipchains -P output ACCEPT
ipchains -P input ACCEPT
ipchains -P forward DENY
ipchains -A input -p TCP -s 192.168.1.0/24 -d 192.168.1.1/32 www -j
ACCEPT
ipchains -A input -p TCP -s 192.168.1.0/24 -d 0/0 www -j ACCEPT  
ipchains -A input -p TCP -s 192.168.1.0/24 -d 127.0.0.1/32 www -j
ACCEPT
ipchains -A input -p TCP -s 192.168.1.0/24 -d 192.168.1.1/32 www -j
ACCEPT
ipchains -A input -p TCP -s 192.168.1.0/24 -d 0/0 www -j REDIRECT 3128
ipchains -A forward -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
ipchains -A forward -s 192.168.1.0/24 -j MASQ

2. the letter x, vi and solaris

3. Transparent Proxy - Squid & IPChains

4. HELP : how to get user_id after login/passwd authentication.

5. debian Etch transparent squid proxy error messages

6. "the modem is busy"

7. Help with configuring squid (aka proxy server) in transparent caching mode

8. pppd (server side) not exiting after lost modem connection - Help!

9. pf-transparent squid proxy

10. Squid as a transparent proxy

11. transparent web-proxy with 2 squids

12. Squid as Transparent Proxy

13. transparent proxy squid