Jephe Wu - http://linuxtechres.blogspot.com
Environment: company (domain.com) LAN (10.0.0.1/24) is connected to Internet through lease line, the proxy server, which is also firewall, running Squid 2.6 for LAN users to access Internet. Another proxy(10.0.0.2/24)on the LAN, which is also firewall, connected to company headquarter office through lease line for users to access some internal websites.
Objective: Users only use 10.0.0.1 as Internet proxy to access both external and internal websites, for internal websites, the 10.0.0.1 will use 10.0.0.2 as parent proxy to access it.
company external websites: *.domain.com except for jephe1.domain.com and jephe2.domain.com
company internal websites: *.internal.domain.com, jephe1.domain.com and jephe2.domain.com
Steps:
1. configure Squid on 10.0.0.1 as follows:
http_port 10.0.0.1:8080
cache_peer 10.0.0.2 parent 8080 3130 no-query
cache_peer_domain 10.0.0.2 .internal.domain.com jephe1.domain.com jephe2.domain.com
acl internal dstdomain .internal.domain.com jephe1.domain.com jephe2.domain.com
never_direct allow internal
Now you can only use proxy 10.0.0.1:8080 to access both Internet and all internal websites.
Note:
1. According to http://quark.humbug.org.au/publications/squid/introsquid.html,
One important concept that must be understood is that of parents and siblings. A sibling is a cache that your proxy, when it receives a request for a URL, sends a query to to see if it has a copy of it. The sibling then sends back either ``Yes, I have it'' or ``No, I don't have it''. The proxy then decides if it should retrieve this object from a sibling, or go get it from the source directly. A parent is a proxy that, if none of the siblings have a copy of the object you want, your proxy opens a request to and asks the parent to go get a copy for it, rather than fetching it directly.
2. never_direct directive means it will go through parent proxy for both http and https request for those internal domains. Otherwise, if the http request for internal websites are redirected to https request, 10.0.0.1 will try to fetch those https request directly from itself without going through parent again. If configured 'never_direct', then it will go through parent proxy for https request after redirection as well.
3. no-query is a ICP options to disable ICP queries to this cache.
skip to main |
skip to sidebar
Total Pageviews
Posts
Bookmark
Search This Blog
Followers
keywords
oracle
mysql
clone
db2
linux
apache
lvm
rman
zabbix
RIP
hp
ms sql
openldap
openssl
ssh
Oracle VM
percona
expdp
freebsd
impdp
logshipping
pf
backup and restore
centos
dd
ilo
performance tuning
putty
snmp
vmware
vnc
NFS
RAC
ansible
aws
bash
cisco
cognos
dns
email
iscsi
ldap
nc
netapp
openssh
rsync
socat
tomcat
traceroute
udev
vsp
windows
FAQ
LUN
RHN
acl
awr
bonding
chage
chroot
clustering
clusterware
controlfile
dataguard
dbforbix
firewall
gmirror
gpg
grub
icmp
initrd
ipsec
iptables
kickstart
kpartx
leputty
mss
mtu
multipath
ntfs
ntfs-3g
ntfsclone
ntfsresize
ntp
oracle installation
partition
pga
raid
replicate
resize2fs
restore
screen
sendmail
serial console
serial port
setfacl
sftp
shrink
snapshot
snmptrap
sparse
sql server
sqldeveloper
ssl certificate
sssd
sudosh
tcptraceroute
telnet
tshark
ulimit
virtualization
vmstat
vpn
xfs
zmodem
63s
ASM
Amazon
DMS
DNSSEC
DR
EVA
MBR
MariaDB
OEL
ORA-03135
ORA-3135
Oracle Linux
RDS
SAM
SQL ALG
TSIG
VIM_VCDB
X port forwarding
ack
adcli
addm
alter session
amm
archive log
asmi
audittrail
awk
base64
bdb
best practice
bind
bios
blat
bostion
bsd
cable modem
carp
cd copy
certificate
checkpoint
chntpw
chrony
citidirect
console
core dump
corkroo
cpio
cpu
crs
cups
cygwin
datafile corruption
db2advis
dbua
ddclient
ddl
ddrescue
deflate
delegation
delete
dhcp
disaster recovery
disown
drac
dyndns
ebs
ec2
em
emctl
epel
erase
export
fdisk
foreman
fsck
ftp
ftp-proxy
fuser
getent
getfacl
gmail
gpart
halt
hardware
hugepage
hvm
ibm
import
innobackupex.
innodb
iops
ipmi
keepalive
kerberos
keystore
keytool
kvm
limits.conf
listener
load balancing
lockwait
logshiping
loop
lsof
lvextend
mailsend
map drive
md5sum
mdadm
mime
minicom
mmm
mmm2
mod_proxy
mount
mount options
movie
mp3
mrtg
msmtp
mtr
mutt
mwm
mysql-proxy
mysqldump
nagios
nat
netstat
network
networkmanager
nohup
ntop
ocr
octopussy
offset
opatch
openbsd
oracke
oracle names
oracle-validated
oradim
ossec
ovm
p5
packet loss
padsize
pageant
partprobe
partx
password
pfile
php
phpldapadmin
ping
pip
pmtu
port forwarding
poweroff
proxyarp
proxytunnel
pscp
psk
psp
pstree
pt-table-checksum
pvm
pvresize
qmail
qwinsta
racoon
ramfs
rbsu
rdr
readonly
realm
reboot
recover
remi
reset password
resize
resolv.conf
resource manager
rhel
rhn_register
rhnreg_ks
rmmod
rpm
rsa
rsyslog
rwinsta
scn
secure delete
security group
selinux
session cookie
setsid
sfdisk
shred
shutdown
size
smo
snapdrive
snapmanager
snare
socks
spfile
sql server management studio
sqlplus
squid
ssl
ssms
ssmtp
static-route
statistics
storage
stty
su
sudo
swap
swatch
syn
synonym
syslog-ng
sysman
tablespace
tar
tcp
tcpdump
terminal services
thunderbird
tiger
time since last restore
timeout
timestamp
timezone
tls
tmpfs
toad
trace
tracetcp
trigger
ttyS0
twm
undelete
undo
upgrade
uptime
usermod
validate
vcenter
verisign
vi
virt-manager
virtio
virtualbox
vlm
vpc
wget
winrm
wireless
wireshark
wscale
xauth
xhost
xtrabackup
yum
All Posts
-
▼
2010
(75)
-
▼
September
(12)
- How to reset a terminal service connection for Win...
- X Windows port forwarding with sudo and ssh
- How to configure timezone for Linux server
- How to use configure Squid proxy to access both In...
- Cloning a physical RHEL 5 server to vmware virtual...
- How to setup VMware server 2.0.2 under CentOS 5.5 ...
- Change oracle default passwords for sys, system, d...
- Disable the excessive logging of snmpd for RHEL 5
- setting bash shell limits for oracle user
- Enable password age and complexity for production ...
- connect to server or router serial console port un...
- How to effectively shutdown the servers
-
▼
September
(12)
About me
Linux SysAdmin with 20+ years experience, Oracle/MySQL DBA, RHCE