[squid-users] transparent proxy original_dst err
Amos Jeffries
squid3 at treenet.co.nz
Wed Apr 22 03:01:03 UTC 2015
On 22/04/2015 7:31 a.m., jaykbvt wrote:
> Hi Amos,
>
> Thanks for reply,
>
> I think I got ur point. If I understood correctly,
>
> if a user makes request for http://www.wikipedia.org then the client request
> header should look like:
>
> src: client_IP:random_port
> dst: wikipedia.org(ip_address):http
> http request: http_request details. (host,url,etc..)
>
> and squid should get the packet like that.
correct.
>
> But since Cisco ISG is in between which seems to be changing the client
> request header like:
>
> src: client_IP:random_port
> dst: squid_IP:http
> http request: http_request details. (host,url,etc..)
>
> and eventually squid fails to understand where to send http_request.
correct.
>
> And thats why we should look at cisco ISG config.
yes.
>
> my iptables config looks like:
>
> iptables -t nat -A PREROUTING -s 10.58.200.33 -p tcp --dport 80 -j ACCEPT
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination
> 10.58.200.33:3129
> iptables -t nat -A POSTROUTING -j MASQUERADE
> iptables -t mangle -A PREROUTING -p tcp --dport 3129 -j DROP
>
And correct.
Thats all we can help with I'm afraid until at least the Cisco issue is
resolved.
Amos
More information about the squid-users
mailing list