[squid-users] Using Squid as a Transparent Proxy

Srinath Krishna srinath.krishna at gmail.com
Fri Apr 24 02:29:46 UTC 2015


Hello all,

I'm trying my hand at openvswitch and squid. This is what I want to
achieve.

The client tries to connect to the server. This packet is handled through
an openvswitch and it's sent to a machine running squid for proxying. The
machine running squid sees the packet with client to server but iptables
rules help in delivering this packet up the stack. On a cache hit, squid
responds back to the client and also installs iptables rules on the fly and
hence the source IP is that of the server.

This is achieved through the following configuration in squid.conf.

http_port 3128 intercept

With this configuration however, on a cache miss case, squid uses its IP
address as the source IP to connect to the server. What I expect is squid
to use the client's IP address to establish this new connection to the
server. From the squid.conf, I believe I need to use the tproxy mode with
the http_port directive, but I'm stumped about what iptables rules to
configure.

I'm trying to follow the steps here (
http://wiki.squid-cache.org/Features/Tproxy4#Feature:_TPROXY_version_4.1.2B-_Support)
but no luck yet. And I don't understand why I'd need to use WCCP for
something like this.

I expect squid to use the client's IP address and the reverse traffic from
the server will make its way to squid's box through openvswitch. All squid
has to do is install an iptables rule on the fly for the outgoing connection
to use the client's IP address and also have a corresponding reverse rule
to translate from the client's IP address to squid's IP address.

The kernel that I'm using is 3.16 and it has the nf_conntrack and xt_TPROXY
modules insmoded. Can someone help me with this?

Thanks,
Srinath
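
Added example, not part of the original post and not the Squid project's own material: a dry-run generator that prints, without applying, the static rule set a Linux TPROXY interception host normally needs for the `tproxy` mode of `http_port` mentioned above. The listener port 3129, intercepted port 80, firewall mark 1 and routing table 100 are assumed values.

```shell
#!/bin/sh
# Added example: prints the commands for review; nothing is applied.
# Assumed values: listener port 3129, intercepted TCP port 80,
# firewall mark 1 and policy-routing table 100 are free on the host.

tproxy_rules() {
    proxy_port=$1      # port of the "http_port <port> tproxy" listener
    dest_port=$2       # destination port of the traffic being intercepted
    mark=${3:-1}       # firewall mark tying iptables to policy routing
    table=${4:-100}    # routing table used only for marked packets

    # Refuse anything non-numeric so the output is never a malformed rule.
    for v in "$proxy_port" "$dest_port" "$mark" "$table"; do
        case $v in
            ''|*[!0-9]*) echo "tproxy_rules: numeric arguments required" >&2
                         return 1 ;;
        esac
    done

    cat <<EOF
# squid.conf: http_port ${proxy_port} tproxy
# Packets that belong to a socket already open on this host (including
# replies to connections made with the client's address) are marked and
# accepted before the TPROXY rule sees them.
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark ${mark}
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
# New client connections go to the proxy port with addresses unchanged.
iptables -t mangle -A PREROUTING -p tcp --dport ${dest_port} -j TPROXY --tproxy-mark ${mark}/${mark} --on-port ${proxy_port}
# Marked packets are delivered locally instead of being forwarded.
ip rule add fwmark ${mark} lookup ${table}
ip route add local 0.0.0.0/0 dev lo table ${table}
# Reverse-path filtering is relaxed because these flows fail the strict
# check; keep this change confined to the interception host.
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.default.rp_filter=0
sysctl -w net.ipv4.conf.all.rp_filter=0
EOF
}

tproxy_rules 3129 80
```

The rules are static: the `-m socket` match is what returns server replies addressed to the client's IP to the proxy, so no per-connection rule is generated here.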