[squid-users] split horizon dns proxy

Jeff Scarborough scarboro at envysion.com
Wed Jun 17 21:23:14 UTC 2015


I am currently using Squid 3.1 that comes packaged in RHEL 6.  I have this
line in my config:
  http_port 80 intercept

I have a split horizon DNS.  This means if you look up any address for my
domain from the internet you get the address of the Squid proxy server.
However, if you look up the same name from my proxy server you get an
internal RFC1918 IP address for the specific name.

Using Squid 3.1 this works great.  A user tries to connect to a URL and by
DNS resolution is sent to the proxy server; the proxy server then does a
DNS lookup of the name in the URL, gets the actual address, and sends the
request to the correct place.

When I try to upgrade to anything beyond 3.2 this breaks.  I am finding
references saying that, as of Squid 3.2, NAT is required for intercept.
Reference from an email post in 2013:

> In Squid since 3.2 if the original TCP details are not found in the NAT
> records some restrictions are placed on what happens with the request
> and response.


My question is, is there any way back to the old behavior?  What are the
restrictions mentioned?

You may ask why I am not using the accel mode as this is quite obviously a
reverse proxy.  The reason is I could not get accel to work with the RTSP
server we are using.  I suspect because the Content-length returned by the
RTSP server is invalid as it is unknown since it is streaming video and the
length of the content is not known until a user stops the playback.

When I configure the proxy using accel I can get normal text pages back as
expected, but the video fails with TCP_MISS_ABORTED; this happens on all
versions of Squid.

The reason I am trying to upgrade Squid is to be able to do all of this
using HTTPS.

Jeff Scarborough