[squid-users] Squid Transparent/intercept Issues
Antony Stone
Antony.Stone at squid.open.source.it
Wed Mar 22 11:38:38 UTC 2017
On Wednesday 22 March 2017 at 11:59:14, christian brendan wrote:
> One more thing,
> Does this imply using two NICs (Network Interface Cards)?
No, this is not necessary.
> And the squid server has to be in-between clients and the internet?
That is the simpler way of doing it (in which case you would want two NICs,
yes).
Basically your choices are:

1. Put the Squid server in the route between clients and the Internet (so, it
has two NICs, each with an address on different networks), and an IPtables
REDIRECT rule to send port 80 & 443 traffic to Squid.

2. Put your Squid server (with one NIC) wherever you like, having just a
single IP address (and able to route to the Internet), and use policy routing
on your Mikrotik router to send any packets from clients heading for port 80 &
443 out on the Internet, to the Squid server instead (without doing DNAT and
changing the destination address). You still need the REDIRECT rule on the
Squid server, and you must ensure that when Squid then makes its own request
out to the Internet, that goes out, and does not get intercepted by the
Mikrotik and sent back to Squid again :)

Antony.
--
Late in 1972 President Richard Nixon announced that the rate of increase of
inflation was decreasing. This was the first time a sitting president used a
third derivative to advance his case for re-election.
- Hugo Rossi, Notices of the American Mathematical Society
Please reply to the list;
please *don't* CC me.
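
The REDIRECT rule that both layouts in the message above need on the Squid host, as an added example that is not part of the original post: the script prints (does not apply) the rules and checks that Squid's own address is exempted before each REDIRECT, a host-side guard against the loop mentioned in option 2. The address 192.0.2.10 and the intercept ports 3129/3130 are constructed assumptions and must match the intercept listeners in your own squid.conf; the router-side exemption for Squid's outbound traffic still has to be configured on the Mikrotik.

```shell
#!/bin/sh
# Added example, not from the original post. Prints rules for review only.
# Assumed values (constructed): Squid's address and its intercept ports.
SQUID_IP="${SQUID_IP:-192.0.2.10}"
SQUID_HTTP_PORT="${SQUID_HTTP_PORT:-3129}"
SQUID_HTTPS_PORT="${SQUID_HTTPS_PORT:-3130}"

# emit_rules ORIG_PORT SQUID_PORT
emit_rules() {
    for p in "$1" "$2"; do
        case "$p" in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
    done
    # Loop guard: packets Squid itself sent must never be redirected,
    # even if the router wrongly hands them back to this host.
    echo "iptables -t nat -A PREROUTING -s $SQUID_IP -p tcp --dport $1 -j ACCEPT"
    # Client traffic keeps its original destination address; only the
    # port is rewritten to the local intercept listener.
    echo "iptables -t nat -A PREROUTING -p tcp --dport $1 -j REDIRECT --to-ports $2"
    # Nobody should connect to the intercept listener directly. mangle
    # runs before nat, so redirected packets (still dport $1 here) pass.
    echo "iptables -t mangle -A PREROUTING -p tcp --dport $2 -j DROP"
}

# loop_guard_ok ORIG_PORT: reads rules on stdin and succeeds only if the
# ACCEPT for Squid's own address comes before every REDIRECT for that port.
loop_guard_ok() {
    awk -v ip="$SQUID_IP" -v port="$1" '
        index($0, "--dport " port " ") == 0 { next }
        index($0, "-s " ip " ") && /-j ACCEPT/ { guard = 1 }
        /-j REDIRECT/ { seen = 1; if (!guard) bad = 1 }
        END { exit !(seen && !bad) }'
}

# Rules for both intercepted ports named in the message (80 and 443).
all_rules() {
    emit_rules 80 "$SQUID_HTTP_PORT" && emit_rules 443 "$SQUID_HTTPS_PORT"
}

all_rules
```

Review the printed rules before running them as root; the same `loop_guard_ok` check can be fed an existing rule listing in `iptables -A ...` form.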