[squid-users] Squid on separate box and it can't see packets
Amos Jeffries
squid3 at treenet.co.nz
Fri Feb 17 13:59:25 UTC 2017
On 15/02/2017 9:18 a.m., John Pearson wrote:
> Hi,
>
> Is this squid box a router or just a proxy?
> - just a proxy
There is the first problem.
NAT interception needs the machine Squid is running on to be configured
to operate as a router. It will be receiving packets destined to a
machine other than itself.
>
> What tcpdump command did you ran?
> - sudo tcpdump -i eth0
>
> What is the networks that are involved?
> Setup:
>
>> Client (192.168.1.8) ---> | Rotuer |
>> | gateway/dhcp | --->
>> Internet
>> Squid box (192.168.1.2) ---> | 192.168.1.1 |
>
>
> Here Client (debian), squid (debian) and router are three separate devices.
>
So the Squid machine;
requires this bit you did:
<http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect>
PLUS the system TCP stack controls to turn it from a origin-server host
to a routing host. Otherwise the machine will silently drop packets not
destined to itself.
The router machine requires this:
<http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute#When_Squid_is_Internal_amongst_clients>
The router machine probably also needs the "Routing Setup":
<http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute#Routing_Setup>
Amos
More information about the squid-users
mailing list