HPE Community
Operating System - Linux
1753872 Members
7306 Online
108809 Solutions
New Discussion юеВ

port mapping in squid

 
SOLVED
Go to solution
System Engineer
Occasional Advisor

тАО09-28-2009 10:03 PM

тАО09-28-2009 10:03 PM

port mapping in squid

how to do port mapping in squid proxy?

squid proxy configured with a public ip address 59.90.72.76

type dest_host dest_port local_port
tcp 151.3.1.170 80 111
tcp 151.3.100.250 80 222

please give me an idea to do port mapping to the local servers so that it can be accessed through http from outside.
0 Kudos
Reply
4 REPLIES 4
Matti_Kurkela
Honored Contributor

тАО09-29-2009 04:36 AM

тАО09-29-2009 04:36 AM

Solution

Re: port mapping in squid

This type of configuration is known as "HTTP reverse proxy" or "web accelerator".

Here's an example of setting up one forwarding:

http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator

The dest_port would be specified with the cache_peer directive. Look up the syntax of the cache_peer directive from here:
http://www.squid-cache.org/Doc/config/cache_peer/

Repeat the example as many times as needed.

... but if you are not specifically required to use Squid, I would suggest iptables forwarding instead, because it's easier to set up. Just two commands are needed:

iptables -t nat -A PREROUTING -p tcp -d 59.90.72.76 --dport 111 -j DNAT --to-destination 151.3.1.170:80

iptables -t nat -A PREROUTING -p tcp -d 59.90.72.76 --dport 222 -j DNAT --to-destination 151.3.100.250:80

i.e. "TCP packets incoming to 59.90.72.76 with a destination port X shall be redirected to destination Y".

The iptables settings will go away when the system is rebooted, so you will need to write a startup script or otherwise store the iptables configuration in a persistent way.

In RHEL 4 or 5, "iptables-save >/etc/sysconfig/iptables" should do the trick.

MK
MK
Reply
System Engineer
Occasional Advisor

тАО09-29-2009 11:17 PM

тАО09-29-2009 11:17 PM

Re: port mapping in squid

hi Matti Kurkela,

thanks for the quick responce

please guide me to configure http reverse proxy


Before the web url was http:\\59.90.72.76:111\ias\deafult.asp and http:\\59.90.72.76:222\hcl to access the package server.

after adding iptables also it is not working what else need to be checked

please guide me how to do http reverse proxy configuration for the same.
0 Kudos
Reply
System Engineer
Occasional Advisor

тАО09-30-2009 06:11 AM

тАО09-30-2009 06:11 AM

Re: port mapping in squid

after adding the iptables also it is not working.please suggest

pp
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

тАО09-30-2009 12:04 PM

тАО09-30-2009 12:04 PM

Re: port mapping in squid

Oops... if you use iptables, you will also have to enable IP forwarding.

Edit /etc/sysctl.conf, set net.ipv4.ip_forward to 1. Add this line if it does not exist:

net.ipv4.ip_forward=1

After editing the file, run "sysctl -p".

If you have other firewall rules configured, you must allow forwarding traffic to those local servers.

Did you read the Squid configuration example I linked? If you can't do it with that example, you should not be using Squid at all: if you don't know what you're doing, you're all too likely to accidentally create an "open proxy".

Open proxies can be used to send spam, to scam other Internet users for money, to make it look like you're the one downloading child porn, and many other nasty things.

There are people on the internet with automated tools for searching open proxies. Many modern computer worms and other malware will also automatically run network scans and report their findings to their creator.

MK
MK
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.