Ian, I am guessing that the iptables rule is what is blocking the request from the inside to your web site. It is not possible to port forward using DNAT within a local network.
What you could do is set up a TCP-level proxy from your firewall to squid (although you would have to keep track of the source address somehow). If you are already inside the firewall why not use the internal IP address of your container to access its web site? This issue would be the same with or without openvz and you can look for more information on any linux networking newsgroup.

Thanks,
Ed

On Sat, Aug 29, 2009 at 12:36 AM, Daniel Rossi<[email protected]> wrote:
> Hi there I emailed my situation before and was hoping someone else has a
> similar setup.
>
> I have a single IP on my server therefore I am using a firewall rule to port
> forward port 80 to a squid running on a vz container. The squid then does a
> reverse proxy for that domain to the set container internal IP address where
> a web server or service would be running.
>
> The issue with the port forward rule is, everything from the outside is able
> to view the sites via squid. But let's say I try to request any of the sites
> within a container it is trying to go through squid and therefore the
> connection never happens because squid is blocking the request for some
> reason because it seems it wants to try and proxy the requests from the VZ
> lan.
>
> Any suggestions of a firewall rule or squid setup to prevent this happening
> ?
> _______________________________________________
> Users mailing list
> [email protected]
> https://openvz.org/mailman/listinfo/users
