[squid-users] squid "internal?" loop - with no firewall nat going on..?

Amos Jeffries squid3 at treenet.co.nz
Thu Mar 12 12:05:55 UTC 2015

On 13/03/2015 12:27 a.m., Klavs Klavsen wrote:
> Klavs Klavsen wrote on 03/12/2015 12:15 PM:
>> the routing example didn't seem to work :(
> As I understand it.. I can't use DNAT on client machine to get packages
> to squid box.. and since it's locally generated packages (i.e. I want to
> capture on the clients - instead of capturing on their default gateway),
> the packages only traverse POSTROUTING and OUTPUT..
> any hints appreciated :)

You can either set the clients' default gateway to be the Squid machine,
which just forwards non-HTTP packets on to the actual gateway router,
which is set as the Squid machine's default gateway.

Or, add policy routing into the gateway router diverting just the port
80 traffic from the real clients (but excluding the Squid machine) to
the Squid machine as its upstream router.

In both those cases both the normal gateway and the Squid machine are
configured as routers with the Squid machine using the real gateway as
its default gateway.

Or, you can run Squid on the main gateway router - provided it has
enough memory for what you want it doing.

You can also physically plug the Squid machine into the network path as
a router before the main gateway router. This is the same as the first
option but hard-wired as well as configured.

Capture won't work on client devices because Squid can't make system calls
directly into their remote machines' kernel / NAT driver. You end up with
wrong IPs known to Squid and those loops.

So, pick one of the two above options and let's see why the routing is
"not working".
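An added example, not from the thread, of the second option above: the gateway-side policy route that diverts only the clients' port-80 traffic (excluding the Squid machine) to the Squid host, plus the matching capture rule that must live on the Squid host itself. The addresses (LAN 192.0.2.0/24, Squid host 192.0.2.10), interface names, mark value, table number and intercept port 3129 are assumptions; set DRY_RUN=1 to print the commands instead of applying them.

```shell
#!/bin/sh
# Constructed example: policy-route client port-80 traffic to a Squid box on the
# same LAN. The Squid box, not the clients, does the NAT capture, so the kernel
# NAT table Squid queries for the original destination is the local one.
LAN_IF="${LAN_IF:-eth1}"            # gateway's LAN-facing interface (assumed)
SQUID_IF="${SQUID_IF:-eth0}"        # Squid host's LAN interface (assumed)
SQUID_IP="${SQUID_IP:-192.0.2.10}"  # Squid host address (assumed, TEST-NET)
MARK="${MARK:-1}"                   # fwmark used to select the diverted flows
TABLE="${TABLE:-100}"               # routing table holding the divert route
INTERCEPT_PORT="${INTERCEPT_PORT:-3129}"  # squid.conf: http_port 3129 intercept

# Run a command, or just print it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# On the gateway router: divert port-80 TCP from LAN clients to the Squid host.
# The "! -s $SQUID_IP" exclusion is what prevents the forwarding loop when
# Squid's own outbound requests pass back through the gateway.
gateway_divert() {
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 \
        ! -s "$SQUID_IP" -j MARK --set-mark "$MARK"
    run ip rule add fwmark "$MARK" lookup "$TABLE"
    run ip route add default via "$SQUID_IP" dev "$LAN_IF" table "$TABLE"
    # Squid and the clients share a subnet, so stop the gateway telling the
    # clients to bypass it with ICMP redirects.
    run sysctl -w "net.ipv4.conf.$LAN_IF.send_redirects=0"
}

# On the Squid host: it acts as a router too, and NATs the diverted flows to
# the intercept port. The REDIRECT may only live here, since Squid looks the
# original destination up in the local kernel's NAT table.
squid_capture() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -A PREROUTING -i "$SQUID_IF" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$INTERCEPT_PORT"
}

case "${1:-}" in
    gateway) gateway_divert ;;
    squid)   squid_capture ;;
    "")      ;;   # no argument: only define the functions
    *)       echo "usage: $0 gateway|squid" >&2; exit 2 ;;
esac
```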

