[squid-users] squid "internal?" loop - with no firewall nat going on..?

Klavs Klavsen kl at vsen.dk
Tue Mar 10 15:52:10 UTC 2015


I'm trying to follow this on a test client (haven't gotten it working yet):
(where squid is amongst the internal clients - actually on it's own vlan 
- but it's not the default route)

but this won't work:
ip route add default via dev eth0 table 201
RTNETLINK answers: No such process

which seems to be because this way of routing will only work if the 
squid box is on the same network as the clients.. :(

I would like to have the squid box on it's own vlan.. (and ip-segment).. 
do I need to setup some tunneling, or perhaps tproxy can be used..

I was hoping I could simply direct packages to squid (doing NAT on 
clients) - and squid would get hostname and other details from data.. as 
accel mode does :(

Antony Stone wrote on 03/10/2015 03:18 PM:
> On Tuesday 10 March 2015 at 15:09:14 (EU time), Klavs Klavsen wrote:
>> so intercept mode is only used, if you actually do the nat'ing on the
>> same server as squid is running..
> You can do the NATting somewhere else; the important point is that the traffic
> must be NATted, not direct.
>> ie. I should use accel mode instead in my use case?
> NO.  Accelerator mode is entirely different (from both intercept mode and
> normal Squid usage).  Accelerator mode is for placing squid in front of a
> specific web server (or a bunch of them, but not the entire Internet).  It is
> not for enabling clients to connect to the Internet in general.
> Regards,
> Antony.

Klavs Klavsen, GSEC - kl at vsen.dk - http://www.vsen.dk - Tlf. 61281200

"Those who do not understand Unix are condemned to reinvent it, poorly."
    --Henry Spencer

squid-users mailing list
squid-users at lists.squid-cache.org

More information about the squid-users mailing list