[svlug] using reverse-proxy and firewall...

Florin Andrei florin at sgi.com
Wed Jan 8 10:16:56 PST 2003


On Wed, 2003-01-08 at 09:11, George Georgalis wrote:
> 
> 1) use iptables to redirect ip:80 to ip:3130 on the firewall
> 2) run the webserver on a local subnet, port 80
> 3) run squid on firewall
> 4) use djbdns conditionals to give the firewall ip answers for internet queries
> 5) use djbdns conditionals to give the webserver ip answers for local queries
> 
> okay so what's wrong with that scenario? squid gets the request on port
> 3130 and queries the webserver on that port too, bummer.

There are two options in squid.conf: httpd_accel_host and
httpd_accel_port. The latter tells Squid what's the port of the web
server. It is not related to http_port which tells Squid on what port to
listen.

> I can think of several different ways to fix this, but which is the
> best? I want to avoid the obvious, have squid listen on port 80, because
> the firewall function is already quite complex and that would make it
> really confusing (if you saw how it's put together).

Heh, too bad, because that's (like you said) "the obvious".

> The next thought
> would be to run the webserver on 3130 :) but that seems funny.

Why not? Since it's "behind the curtain" it does not matter.

-- 
Florin Andrei

"If you had a giant corporation trying to stamp you out, and the entire
film and recording industry trying to restrict your software from
playing their media, then you'd be political too." - Bruce Perens
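
An added example, not part of either message: a squid.conf fragment using the Squid 2.x accelerator directives named in the reply, showing that the listening port and the origin server's port are set independently. The address 192.168.1.10, the `<firewall-ip>` placeholder and the ACL names are assumptions; the remaining accelerator directives and access rules are added so the accelerator only forwards to the one web server.

```conf
# Step 1 of the setup, one way to write it (rule is an assumption, run on the firewall):
#   iptables -t nat -A PREROUTING -p tcp -d <firewall-ip> --dport 80 \
#            -j REDIRECT --to-ports 3130

# Port Squid listens on: the REDIRECT target above.
http_port 3130

# Origin web server on the local subnet (constructed address) and ITS port.
# Without httpd_accel_port, the symptom in the thread appears: Squid asks
# the web server on the wrong port.
httpd_accel_host 192.168.1.10
httpd_accel_port 80

# Always forward to the single origin above; do not pick the backend
# from the client-supplied Host header.
httpd_accel_single_host on
httpd_accel_uses_host_header off

# Accelerator only: do not also act as a forward proxy for arbitrary URLs.
httpd_accel_with_proxy off

# Allow requests only to the origin server and port; deny everything else.
acl all src 0.0.0.0/0.0.0.0
acl origin_host dst 192.168.1.10/32
acl origin_port port 80
http_access allow origin_host origin_port
http_access deny all
```

Later Squid releases replaced the httpd_accel_* directives with options on http_port and cache_peer, so this fragment applies to the 2.x versions current when the thread was written.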



