[squid-users] Transparent Proxy
Amos Jeffries
squid3 at treenet.co.nz
Wed Apr 8 09:51:49 UTC 2015
On 8/04/2015 9:20 p.m., Jaydeep Kubavat wrote:
> Hi,
>
> I've configured a transparent squid proxy on a centos 6.6 with single NIC.
>
> There is Cisco ISG in between with L4 redirection on www traffic.
>
> The requests are coming on port 80 from client and ISG forwards that to
> port 80 on my squid server.
No, no it does not.
If you configured the remote router correctly:
It passes the packet to your Squid box for handling. The packet still
says port 80 *on some other server*.
Once the TCP SYN packet reaches the Squid box ...
>
> So there is no iptables configured on squid server.
>
... nothing happens to it. "Dropped on the floor.", etc.
If you configured the router badly:
... many varied things (all nasty) could happen.
Please have a read through:
<http://wiki.squid-cache.org/SquidFaq/InterceptionProxy>
in particular the sections:
* "Concepts of Interception Caching"
* "Requirements and methods for Interception Caching"
* "Getting your traffic to the right port on your Squid Cache"
<snip>
>
> my squid is configured default, only
>
> http_port 3130
Port 3130 is generally used for ICP (which is a UDP based protocol)
> http_port 80 intercept
This has no use other than to potentially prevent your Squid being able
to open the listening port (unless the worker has root privileges - not
good).
Any port will do and a randomly selected port number higher than 1024 is
better. Only Squid and the machine's TCP stack systems will have anything
to do with it - not the packets nor any external system.
Amos
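
An added example, not part of the original message and not Squid project code: a small Python check that compares squid.conf `http_port` lines with `iptables-save` output for the three points raised in the reply (the ICP port, a privileged intercept port, and no local NAT rule feeding the intercept port). The function name, ports 3128/3129 and the sample rule text are assumptions made for illustration.

```python
import re

ICP_PORT = 3130  # usual ICP port (UDP), as noted in the reply

def intercept_findings(squid_conf, iptables_save):
    """Cross-check squid.conf http_port lines against `iptables-save` text."""
    # Ports that local NAT rules redirect traffic to (REDIRECT target only).
    redirected = {int(p) for p in re.findall(
        r"-j REDIRECT --to-ports? (\d+)", iptables_save)}
    findings = []
    for no, raw in enumerate(squid_conf.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments
        if len(fields) < 2 or fields[0] != "http_port":
            continue
        m = re.search(r"(\d+)$", fields[1])        # "3129" or "10.0.0.1:3129"
        if not m:
            continue
        port = int(m.group(1))
        if port == ICP_PORT:
            findings.append((no, port, "3130 is normally the ICP (UDP) port"))
        if "intercept" not in fields[2:]:
            continue
        if port < 1024:
            findings.append((no, port, "privileged intercept port; pick one above 1024"))
        if port not in redirected:
            findings.append((no, port, "no local REDIRECT rule feeds this port"))
    return findings

# Constructed samples: the configuration quoted in the thread, then a
# corrected one. Ports 3128/3129 and the rule text are assumptions.
THREAD_CONF = "http_port 3130\nhttp_port 80 intercept\n"
THREAD_RULES = ""  # "no iptables configured on squid server"

FIXED_CONF = "http_port 3128\nhttp_port 3129 intercept\n"
FIXED_RULES = (
    "*nat\n"
    "-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3129\n"
    "COMMIT\n"
)

if __name__ == "__main__":
    for name, conf, rules in (("thread", THREAD_CONF, THREAD_RULES),
                              ("fixed", FIXED_CONF, FIXED_RULES)):
        print(name, intercept_findings(conf, rules))
```
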