[squid-users] squid "internal?" loop - with no firewall nat going on..?

Antony Stone Antony.Stone at squid.open.source.it
Tue Mar 10 15:36:31 UTC 2015


On Tuesday 10 March 2015 at 15:32:25 (EU time), Amos Jeffries wrote:

> On 11/03/2015 3:18 a.m., Antony Stone wrote:
> > On Tuesday 10 March 2015 at 15:09:14 (EU time), Klavs Klavsen wrote:
> >> so intercept mode is only used, if you actually do the nat'ing on the
> >> same server as squid is running..
> > 
> > You can do the NATting somewhere else; the important point is that the
> > traffic must be NATted, not direct.
> 
> Nope. If NAT is being performed, then it must be on the same machine as
> the proxy it is NATing *to* - haproxy in this case it seems.
> 
> NATing on machine A to port-forwarding deliver the traffic to a port on
> machine B is no different to contacting directly to the same port on
> machine B.

Hm, apologies for the misleading advice; I suspect this may be due to changes 
in Squid's handling of things since I last set up a router redirecting traffic 
to a separate Squid box.  Either that, or my brain has simply discarded some 
details in the interim... :(

Anyway, Klavs, please take Amos' advice over mine on this.


Regards,


Antony.

-- 
It is also possible that putting the birds in a laboratory setting 
inadvertently renders them relatively incompetent.

 - Daniel C Dennett

                                                   Please reply to the list;
                                                         please *don't* CC me.


More information about the squid-users mailing list