[squid-users] transparent proxy original_dst err

Amos Jeffries squid3 at treenet.co.nz
Tue Apr 21 13:24:44 UTC 2015


On 22/04/2015 12:43 a.m., jaykbvt wrote:
> Hi Amos,
> 
> Thanks for the reply.
> 
> ++++++++++++++++++++++++
> local=*10.58.200.33:80 remote=10.210.83.249:*3375 FD 10 flags=33: accepted 
> ++++++++++++++++++++++++
> 
> Since Squid is able to understand which client is requesting, and the following
> lines talk about the request..
> 
> ++++++++++++++++++++++++
> parseHttpRequest: parseHttpRequest: req_hdr = {Host: www.wikipedia.org
> User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:35.0) Gecko/20100101
> Firefox/35.0
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language: en-US,en;q=0.5
> Accept-Encoding: gzip, deflate
> Connection: keep-alive
> 
> }
> ++++++++++++++++++++++++
> 
> You still feel there could be an issue with Cisco erasing the original dst-IP
> value?

Yes. It's receiving the HTTP properly, but the broken TCP details
(10.58.200.33:80) prevent the requests being relayed on to the right server.

PS. Unless you are working for Wikimedia and the 10.58.200.33:80
actually is the backend server address. In that case we would have gone
completely the wrong way to a fix.


> 
> The thing is, the Cisco ISG is not managed by us. They are saying they've
> configured it so that any incoming traffic from clients for web is redirected to
> Squid's IP. I'm no expert on Cisco ISG, yet I've asked them to share the
> config pertaining to Squid. I am awaiting their response.
> 
> Can you help me with what I should ask them or point them towards to check, and what
> type of squid/iptables config combination I should do on my Squid server given
> my network scenario?

As per the DNAT page you used already:
<http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat>

Just make sure you have all 4 iptables rules listed on the page, rather
than just the 1 you mentioned having.

Amos
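
An added example, not part of the original message and not Squid's own code: a Python check that scans accept lines in the format quoted in this thread and reports connections whose local= address is one of the proxy's own addresses, the symptom the reply above attributes to the original destination being lost. The function name, the sample lines and all addresses are constructed for illustration; the list of the proxy's own addresses is an assumption the operator supplies.

```python
import ipaddress
import re

# Accept line as quoted in the thread:
#   local=IP:PORT remote=IP:PORT FD n flags=n: accepted
# "\*?" tolerates the "*" emphasis markers seen in the mail; IPv6 is bracketed.
ACCEPT_RE = re.compile(
    r"local=\*?(?P<local>\[[^\]]+\]|[^:\s]+):\*?(?P<lport>\d+)\s+"
    r"remote=\*?(?P<remote>\[[^\]]+\]|[^:\s]+):\*?(?P<rport>\d+)\b.*\baccepted"
)


def lost_original_dst(log_lines, proxy_addrs):
    """Return (client, local) pairs whose local= address is the proxy itself."""
    own = {ipaddress.ip_address(a) for a in proxy_addrs}
    hits = []
    for line in log_lines:
        m = ACCEPT_RE.search(line)
        if not m:
            continue  # not an accept line (e.g. a request header dump)
        try:
            local = ipaddress.ip_address(m["local"].strip("[]"))
        except ValueError:
            continue  # local= field is not a literal IP address
        if local in own:
            hits.append((f'{m["remote"]}:{m["rport"]}',
                         f'{m["local"]}:{m["lport"]}'))
    return hits


# Constructed sample lines (documentation address ranges, not from the thread).
SAMPLE_LOG = [
    "local=192.0.2.10:80 remote=198.51.100.7:3375 FD 10 flags=33: accepted",
    "local=203.0.113.80:80 remote=198.51.100.7:3380 FD 11 flags=33: accepted",
    "local=*192.0.2.10:80 remote=198.51.100.9:*4012 FD 12 flags=33: accepted",
    "local=[2001:db8::10]:80 remote=[2001:db8::99]:5000 FD 13 flags=33: accepted",
    "parseHttpRequest: req_hdr = {Host: www.example.org",
]
PROXY_ADDRS = ["192.0.2.10", "2001:db8::10"]  # assumed: the proxy's own IPs

if __name__ == "__main__":
    for client, local in lost_original_dst(SAMPLE_LOG, PROXY_ADDRS):
        print(f"{client} -> {local}: destination is the proxy, original dst not preserved")
```
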

