[squid-users] Transparent Squid Proxy Server
Amos Jeffries
squid3 at treenet.co.nz
Thu Jun 4 10:07:00 UTC 2015
On 4/06/2015 6:43 p.m., Reet Vyas wrote:
> Hi,
>
> I changed the iptables still no luck :( but I am using squid 3.3 only can I
> didn't understand why you have configured 3129 ,3130 and 3128 port?
Because due to historic (browser war politics) reasons there are three
different protocol message syntax in HTTP/1.x - depending whether the
traffic is on port 80 (HTTP origin), 443 (HTTPS origin), or 3128 (HTTP
proxy).
* Normal forward/explicit proxy traffic occurs on port 3128. Squid needs
this port regardless of whether your main traffic use is on another port
type, because some proxy responses will have URLs generated for embeded
content to be fetched from the proxy itself.
* NAT intercepted port 80 traffic needs to be delivered to a different
proxy http_port with the "intercept" flag. The tutorials use 3129 to
make it clear its not to be 3128, but it SHOULD be something random you
make up that you can also have the firewall blocking connections
directly to it by clients.
* NAT intercepted port 443 traffic needs https_port directive (note the
's') which means another port number separate from the port 80 one.
Amos
More information about the squid-users
mailing list