[squid-users] squid "internal?" loop - with no firewall nat going on..?

Klavs Klavsen kl at vsen.dk
Tue Mar 10 15:08:51 UTC 2015


I've read the config examples..

I would very much like to understand how/why it works, if I've setup a 
client to route package to squid (instead of trying to send directly)..

I'm trying to follow this on a test client (haven't gotten it working yet):
(where squid is amongst the internal clients - actually on it's own vlan 
- but it's not the default route)

meanwhile I tried pointing to the haproxy - which then forwards requests 
in tcp mode, to squid server port 3129.

If I just send to haproxy directly, I get the loop and this in the 
1425998994.271      0 TCP_MISS_ABORTED/000 0 GET 
http://www.bt.dk/ - ORIGINAL_DST/ -

when doing:
curl -H "Host: www.bt.dk" http://proxy-haproxy-ip/ is the ip of squid server behind haproxy.

Antony Stone wrote on 03/10/2015 03:18 PM:
> On Tuesday 10 March 2015 at 15:09:14 (EU time), Klavs Klavsen wrote:
>> so intercept mode is only used, if you actually do the nat'ing on the
>> same server as squid is running..
> You can do the NATting somewhere else; the important point is that the traffic
> must be NATted, not direct.
>> ie. I should use accel mode instead in my use case?
> NO.  Accelerator mode is entirely different (from both intercept mode and
> normal Squid usage).  Accelerator mode is for placing squid in front of a
> specific web server (or a bunch of them, but not the entire Internet).  It is
> not for enabling clients to connect to the Internet in general.
> Regards,
> Antony.

Klavs Klavsen, GSEC - kl at vsen.dk - http://www.vsen.dk - Tlf. 61281200

"Those who do not understand Unix are condemned to reinvent it, poorly."
   --Henry Spencer

More information about the squid-users mailing list