[Users] Issue with VZ setup with squid

Ed Groth ed at boxpopu.li
Mon Aug 31 16:29:47 EDT 2009


Ian,

I am guessing that the iptables rule is what is blocking the request
from the inside to your web site.  It is not possible to port forward
using DNAT within a local network.

What you could do is set up a TCP-level proxy from your firewall to
squid (although you would have to keep track of the source address
somehow).

If you are already inside the firewall why not use the internal IP
address of your container to access its web site?

This issue would be the same with or without OpenVZ and you can look
for more information on any Linux networking newsgroup.

Thanks,

  Ed

On Sat, Aug 29, 2009 at 12:36 AM, Daniel Rossi <electroteque at gmail.com> wrote:
> Hi there, I emailed my situation before and was hoping someone else has a
> similar setup.
>
> I have a single ip on my server therefore I am using a firewall rule to port
> forward port 80 to a squid running on a vz container. The squid then does a
> reverse proxy for that domain to the set container internal ip address where
> a web server or service would be running.
>
> The issue with the port forward rule is, everything from the outside is able
> to view the sites via squid. But let's say I try to request any of the sites
> within a container it is trying to go through squid and therefore the
> connection never happens because squid is blocking the request for some
> reason because it seems it wants to try and proxy the requests from the VZ
> lan.
>
> Any suggestions of a firewall rule or squid setup to prevent this happening
> ?
> _______________________________________________
> Users mailing list
> Users at openvz.org
> https://openvz.org/mailman/listinfo/users
>

