Is your firewall an application gateway?
You must be listening on your firewall on ports 80 and 443.
You can forward all incoming requests from port 80 to 8080 and 443 to 8443
on your DMZ, but that's a task for your firewall and it's transparent for
your squid and webserver...
As a matter of fact I guess that the idea of using different ports in DMZ
than the standard is for hiding the real ports in this network, so you
should receive requests on the standard ports in your on all the non-dmz
network in your firewall.
-----Original Message-----
From: jeremy.t.grant [mailto:jeremy.t.grant@mail.sprint.com]
Sent: Thursday, April 19, 2001 11:34 AM
To: Squid User Mailing List
Subject: [squid-users] DMZ front end to server on the privite network...
So far I have been able to get squid to work just fine as a proxy for
http...but now we are throwing in a few changes to the way our system is
running...here is how we have it right now...
              _____                 ______
             / DMZ \               /      \
            / _____ \     http    / ______ \
Internet___| |Squid| |_____|_____| |Web   | |
         80| |Proxy| |     | 8080| |Server| |
            \ ----- /  Firewall   \ ------ /
             -------               --------
We have traffic coming in on 80 that is sent over to the webserver on
8080...the squid proxy is in the DMZ and the webserver is on a private
network on the other side of a firewall with only a few ports open...
The way we are being asked to set up squid now will look like this...
              _____                 ______
             / DMZ \               /      \
            / _____ \     http    / ______ \
Internet___|_|Squid| |_____|_____|_|Web   | |
         80| |Proxy| |     | 8080| |Server| |
        ___|_|     |_|_____|_____|_|      | |
        443| |     | |     | 8443| |      | |
            \ ----- /  Firewall   \ ------ /
             -------               --------
We are being asked to add https to the config...we need to have any
request coming in on port 443 forwarded to the webserver on 8443...this
will be ssl so we are not sure if it is possible or not...
Here is my current squid.conf file minus comments...
http_port 80
http_port 443
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 8443 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
icp_access allow all
httpd_accel_host 10.101.78.34
httpd_accel_port 8080
I know squid is listening on port 443, now I need to know how to get it to
redirect to 8443 on the other server...do I have to have squid running
twice, one time for port 80 and another time for port 443 so that I can get
it to redirect...or is there something I can do in the config file to make
it do this...I have not found anything in the README file, mailing list archive,
FAQ or user manual that was able to help me...I did learn a lot about squid
trying to figure this problem out but not the info I need for this...also
if anyone can see any changes I should make to the config to make squid
run better for the way I am using it...
Jeremy T Grant
Solaris and Linux System Admin
Advanced System Engineering
Sprint
Received on Thu Apr 19 2001 - 14:00:59 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:23 MST
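
An added example, not part of the original thread or of Squid itself: a small Python audit of the ACL lines from the squid.conf posted above. It relies on Squid's documented rule that a request matching no http_access line gets the opposite of the last line's action; the function name `audit` and the shortened Safe_ports list are choices made for this example.

```python
# Subset of the squid.conf lines posted in the thread (those that define or use ACLs).
POSTED_CONF = """\
acl QUERY urlpath_regex cgi-bin \\?
no_cache deny QUERY
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 443 563 8443 # https, snews
acl Safe_ports port 1025-65535 # unregistered ports
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
icp_access allow all
"""


def audit(conf_text):
    """Return (unused_acl_names, fallthrough), where fallthrough describes what
    happens to a request that no earlier http_access line matched."""
    defined, used, http_rules = {}, set(), []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(tokens) < 2:
            continue
        directive, args = tokens[0], tokens[1:]
        if directive == "acl":
            defined.setdefault(args[0], []).extend(args[1:])
        elif args[0] in ("allow", "deny"):
            # Access lists look like: <directive> allow|deny [!]aclname ...
            used.update(name.lstrip("!") for name in args[1:])
            if directive == "http_access":
                http_rules.append(args)
    unused = [name for name in defined if name not in used]
    if not http_rules:
        return unused, None
    action, acls = http_rules[-1][0], http_rules[-1][1:]
    # A final rule on a match-everything src ACL ends the list explicitly.
    if len(acls) == 1 and defined.get(acls[0]) == ["src", "0.0.0.0/0.0.0.0"]:
        return unused, "explicit " + action
    # Otherwise Squid applies the opposite of the last line's action.
    return unused, "implicit " + ("allow" if action == "deny" else "deny")


if __name__ == "__main__":
    unused, fallthrough = audit(POSTED_CONF)
    print("ACLs defined but never used:", ", ".join(unused) or "none")
    print("Requests matching no http_access line:", fallthrough)
```

On the posted lines it reports that SSL_ports and CONNECT are defined but never referenced by any access list, and that the http_access list ends on a deny, so unmatched requests fall through to an implicit allow.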