[squid-users] Transparent and non Transparent at the same time

Eliezer Croitoru eliezer at ngtech.co.il
Thu Oct 27 17:55:25 UTC 2016


Well this is the most efficient and less risker way.
I do not know MikroTik enough to the hardware but it has a routing engine so... routing policy.
In the past I wrote about it somewhere with details instructions on how to do it in a mikrotik.

Eliezer 

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il


-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Yuri Voinov
Sent: Thursday, October 27, 2016 20:51
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Transparent and non Transparent at the same time


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
You absolutely sure, Eliezier? :)


27.10.2016 23:46, Eliezer Croitoru пишет:
> You need routing policy not DNAT.
>
> Eliezer
>
> ----
> Eliezer Croitoru
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: eliezer at ngtech.co.il
>
>
> -----Original Message-----
> From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org]
On Behalf Of erdosain9
> Sent: Thursday, October 27, 2016 19:08
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] Transparent and non Transparent at the same
time
>
> Ok... but i have this problem
>
>  ERROR: NAT/TPROXY lookup failed to locate original IPs on
> local=192.168.1.15:3130 remote=192.168.1.1:52090 FD 14 flags=33
>
> ...
> I put some dstnat in Mikrotik (192.168.1.1)
>
>
> ip firewall nat add chain=dstnat src-add=192.168.1.121 protocol=tcp
> dst-port=80  action=dst-nat
> to-addresses=192.168.1.20 to-ports=3129
>
> ERROR: NAT/TPROXY lookup failed to locate original IPs on
> local=192.168.1.20:3129 remote=192.168.1.1:52153 FD 14 flags=33
> 2016/10/27 14:01:43 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on
> local=192.168.1.215:3129 remote=192.168.1.1:52154 FD 14 flags=33: (92)
Protocol not available
>
> I dont have iptables or firewalld... im using Centos... is necessary
enable firewalld or iptables???
>
>
> im using the PC (192.168.1.121 for test) Thanks
>
>
>
> --
> View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Transparent-and-non-Transparent-at-the-same-time-tp4680309p4680330.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

- -- 
Cats - delicious. You just do not know how to cook them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJYEj6aAAoJENNXIZxhPexGKMwH/1bJbs+gQQAg5rdk/pyskSYB
hPxlzR2MCa2glOhDMKqcnBBscv94ITVJW4eCzxZZZaNhAe1xbBISUhFfS3SBpCbn
C6RfOMG0N2D1uXRDRtskuoELMbfxOsRPGLcUC1a7acUts299k+oTz1kpLlzWWWTB
kfNvDZTLTvatvgGTI6lD9EUjk7zR0DbzXDX6AuF8UZ2z2izv/RqPMFKu9se+zkGe
gjGgDNYwD1gBDXhPvTzLRjRnWgZPv0Cb4L63JPerZvl+nPt6gcfPf32DR8imkKeg
YnDp3YDZQcZqMZRWANBb7UZefQ/PNisoHhLybhoQ7SuyKEVq2tKmq1DPwcSy18A=
=iuPQ
-----END PGP SIGNATURE-----




More information about the squid-users mailing list