[squid-users] squid "internal?" loop - with no firewall nat going on..?
kl at vsen.dk
Tue Mar 10 15:52:10 UTC 2015
I'm trying to follow this on a test client (haven't gotten it working yet):
(where squid is amongst the internal clients - actually on it's own vlan
- but it's not the default route)
but this won't work:
ip route add default via 10.47.18.181 dev eth0 table 201
RTNETLINK answers: No such process
which seems to be because this way of routing will only work if the
squid box is on the same network as the clients.. :(
I would like to have the squid box on it's own vlan.. (and ip-segment)..
do I need to setup some tunneling, or perhaps tproxy can be used..
I was hoping I could simply direct packages to squid (doing NAT on
clients) - and squid would get hostname and other details from data.. as
accel mode does :(
Antony Stone wrote on 03/10/2015 03:18 PM:
> On Tuesday 10 March 2015 at 15:09:14 (EU time), Klavs Klavsen wrote:
>> so intercept mode is only used, if you actually do the nat'ing on the
>> same server as squid is running..
> You can do the NATting somewhere else; the important point is that the traffic
> must be NATted, not direct.
>> ie. I should use accel mode instead in my use case?
> NO. Accelerator mode is entirely different (from both intercept mode and
> normal Squid usage). Accelerator mode is for placing squid in front of a
> specific web server (or a bunch of them, but not the entire Internet). It is
> not for enabling clients to connect to the Internet in general.
Klavs Klavsen, GSEC - kl at vsen.dk - http://www.vsen.dk - Tlf. 61281200
"Those who do not understand Unix are condemned to reinvent it, poorly."
squid-users mailing list
squid-users at lists.squid-cache.org
More information about the squid-users