[squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https)

setuid setuid at gmail.com
Wed Feb 7 23:25:09 UTC 2018


On 2/7/18 5:37 PM, Rafael Akchurin wrote:
> How is your network configured? Your rules indicate you have 2 nics but you later say you have one..

Originally, I started with 1 NIC (it's a VM), and added 2 more, because
I read that pf/ipfw can't rewrite ingress packets on the same interface
it used for egress, but I haven't tried creating a bridge and routes to
attempt to make that work yet.

The Ubuntu machine has 2 NICs; primary NIC is WAN facing (internet
routable IP bound to eth0) and the secondary NIC sits on the "backup"
network (LAN-side) on 192.168.2.x.

Let's break it down:

[WAN router]
  |-- LAN: 192.168.1.1 (wired LAN)
  `-- WWAN: 10.0.1.1 (wireless clients)

BSD VM: 192.168.1.25

Ubuntu VM:
  |-- INET: 32.215.x.x
  `-- LAN: 192.168.2.x

The WAN router is what sends traffic sent over it on :80, over to .1.25
(BSD) to cache.

Previously, I had it pointed to Squid 2.6 sitting on my NAS
(192.168.1.20) and that would work perfectly as a transparent proxy.

When I pointed the WAN router to .25 instead of .20, and upgraded the
version of Squid by using BSD's version from ports on .25, this process
all fell apart.

So... is having 3 NICs (1 NIC + 2 bridged together as bridge0) *now* a
requirement to get transparent proxying working with anything using
Squid 3.x or later?

Can this be done with a single NIC sitting on an Internet-facing LAN
segment?

If so, how?

