[squid-users] squid "internal?" loop - with no firewall nat going on..?
Klavs Klavsen
kl at vsen.dk
Tue Mar 10 15:52:10 UTC 2015
hmm..
I'm trying to follow this on a test client (haven't gotten it working yet):
http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute
(where squid is amongst the internal clients - actually on it's own vlan
- but it's not the default route)
but this won't work:
ip route add default via 10.47.18.181 dev eth0 table 201
RTNETLINK answers: No such process
which seems to be because this way of routing will only work if the
squid box is on the same network as the clients.. :(
I would like to have the squid box on it's own vlan.. (and ip-segment)..
do I need to setup some tunneling, or perhaps tproxy can be used..
I was hoping I could simply direct packages to squid (doing NAT on
clients) - and squid would get hostname and other details from data.. as
accel mode does :(
Antony Stone wrote on 03/10/2015 03:18 PM:
> On Tuesday 10 March 2015 at 15:09:14 (EU time), Klavs Klavsen wrote:
>
>> so intercept mode is only used, if you actually do the nat'ing on the
>> same server as squid is running..
>
> You can do the NATting somewhere else; the important point is that the traffic
> must be NATted, not direct.
>
>> ie. I should use accel mode instead in my use case?
>
> NO. Accelerator mode is entirely different (from both intercept mode and
> normal Squid usage). Accelerator mode is for placing squid in front of a
> specific web server (or a bunch of them, but not the entire Internet). It is
> not for enabling clients to connect to the Internet in general.
>
>
> Regards,
>
>
> Antony.
>
--
Regards,
Klavs Klavsen, GSEC - kl at vsen.dk - http://www.vsen.dk - Tlf. 61281200
"Those who do not understand Unix are condemned to reinvent it, poorly."
--Henry Spencer
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list