topic Re: port mapping in squid in Operating System - Linux

port mapping in squid

System Engineer — Tue, 29 Sep 2009 05:03:06 GMT

how to do port mapping in squid proxy?

squid proxy configured with a public ip address 59.90.72.76

type dest_host dest_port local_port
tcp 151.3.1.170 80 111
tcp 151.3.100.250 80 222

please give me an idea to do port mapping to the local servers so that it can be accessed through http from outside.

Re: port mapping in squid

Matti_Kurkela — Tue, 29 Sep 2009 11:36:18 GMT

This type of configuration is known as "HTTP reverse proxy" or "web accelerator".

Here's an example of setting up one forwarding:

http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator

The dest_port would be specified with the cache_peer directive. Look up the syntax of the cache_peer directive from here:
http://www.squid-cache.org/Doc/config/cache_peer/

Repeat the example as many times as needed.

... but if you are not specifically required to use Squid, I would suggest iptables forwarding instead, because it's easier to set up. Just two commands are needed:

iptables -t nat -A PREROUTING -p tcp -d 59.90.72.76 --dport 111 -j DNAT --to-destination 151.3.1.170:80

iptables -t nat -A PREROUTING -p tcp -d 59.90.72.76 --dport 222 -j DNAT --to-destination 151.3.100.250:80

i.e. "TCP packets incoming to 59.90.72.76 with a destination port X shall be redirected to destination Y".

The iptables settings will go away when the system is rebooted, so you will need to write a startup script or otherwise store the iptables configuration in a persistent way.

In RHEL 4 or 5, "iptables-save >/etc/sysconfig/iptables" should do the trick.

MK

Re: port mapping in squid

System Engineer — Wed, 30 Sep 2009 06:17:14 GMT

hi Matti Kurkela,

thanks for the quick responce

please guide me to configure http reverse proxy

Before the web url was http:\\59.90.72.76:111\ias\deafult.asp and http:\\59.90.72.76:222\hcl to access the package server.

after adding iptables also it is not working what else need to be checked

please guide me how to do http reverse proxy configuration for the same.

Re: port mapping in squid

System Engineer — Wed, 30 Sep 2009 13:11:01 GMT

after adding the iptables also it is not working.please suggest

pp

Re: port mapping in squid

Matti_Kurkela — Wed, 30 Sep 2009 19:04:54 GMT

Oops... if you use iptables, you will also have to enable IP forwarding.

Edit /etc/sysctl.conf, set net.ipv4.ip_forward to 1. Add this line if it does not exist:

net.ipv4.ip_forward=1

After editing the file, run "sysctl -p".

If you have other firewall rules configured, you must allow forwarding traffic to those local servers.

Did you read the Squid configuration example I linked? If you can't do it with that example, you should not be using Squid at all: if you don't know what you're doing, you're all too likely to accidentally create an "open proxy".

Open proxies can be used to send spam, to scam other Internet users for money, to make it look like you're the one downloading child porn, and many other nasty things.

There are people on the internet with automated tools for searching open proxies. Many modern computer worms and other malware will also automatically run network scans and report their findings to their creator.

MK