[squid-users] transparent proxy original_dst err
jaykbvt
jaykbvt at gmail.com
Tue Apr 21 19:31:56 UTC 2015
Hi Amos,
Thanks for reply,
I think I got ur point. If I understood correctly,
if a user makes request for http://www.wikipedia.org then the client request
header should look like:
src: client_IP:random_port
dst: wikipedia.org(ip_address):http
http request: http_request details. (host,url,etc..)
and squid should get the packet like that.
But since Cisco ISG is in between which seems to be changing the client
request header like:
src: client_IP:random_port
dst: squid_IP:http
http request: http_request details. (host,url,etc..)
and eventually squid fails to understand where to send http_request.
And thats why we should look at cisco ISG config.
my iptables config looks like:
iptables -t nat -A PREROUTING -s 10.58.200.33 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination
10.58.200.33:3129
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -t mangle -A PREROUTING -p tcp --dport 3129 -j DROP
Pls comment.
Thanks & Regards,
Jaykbvt
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/transparent-proxy-original-dst-err-tp4670846p4670856.html
Sent from the Squid - Users mailing list archive at Nabble.com.
More information about the squid-users
mailing list