[squid-users] Does anyone have a working Juniper SRX with tproxy squid?
Eliezer Croitoru
eliezer at ngtech.co.il
Thu Aug 27 17:48:06 UTC 2015
I have been gathering information on different routing options for squid tproxy
mode for quite some time.
I have working settings for:
- Cisco
- Linux
- FreeBSD
- OpenBSD
- Mikrotik
The topology I have tested until now is at:
http://ngtech.co.il/squidblocker/topology1.png
The edge router diverts traffic to the squid instances using a routing policy.
I have been reading about ways to make squid work with Juniper but they
all use intercept mode and not tproxy.
A list of sources until now:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB23300
https://andymillett.co.uk/2013/09/14/load-balancing-transparent-redirect-junos/
http://kb.juniper.net/InfoCenter/index?page=content&id=KB21046
http://forums.juniper.net/t5/SRX-Services-Gateway/SRX650-routing-instance-not-working/m-p/54130
http://forums.juniper.net/t5/SRX-Services-Gateway/port-80-redirection-on-srx650-cluster/m-p/53010
http://serverfault.com/questions/442385/how-to-route-all-network-traffic-for-vlan-through-a-proxy-server-on-srx
https://forum.ivorde.com/squid-http-s-transparent-proxy-with-juniper-srx-part-3-t14191.html
http://kb.juniper.net/InfoCenter/index?page=content&id=KB23895
###END SOURCES
I know that on FreeBSD and Linux I must either route each packet by
itself or mark the connection.
On Juniper SRX devices I do not know what to do exactly.
I have seen an option to disable the flowd which follows the TCP/UDP
flows and I am not sure it is a requirement.
My current vSRX settings are at:
http://paste.ngtech.co.il/pdsltlobf
And the connection is being redirected from the client to the proxy and
back from the proxy to the client.
The issue is that the traffic flowing back from the internet, which is
supposed to be redirected into the proxy, is flowing back to the client.
The issue as I identify it is that there is a routing decision based on
some routing table.
The option I have seen mentioned here and there is to use a virtual router.
I am pretty sure there is some network admin here on the list who
might have a clue about how to solve the reverse path traffic flow
routing issue.
Thanks,
Eliezer
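
The reverse-path problem described in this message, as an added example that is not part of the original post: a toy Python model of an edge router that checks policy rules before its destination-based table. It models generic policy-based forwarding, not Junos configuration; the interface names, addresses and ports are constructed for the illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed destination-based routing table of the edge router.
ROUTES = [
    (ip_network("192.168.10.0/24"), "lan"),    # clients
    (ip_network("10.0.0.0/30"), "proxy"),      # link to the squid box
    (ip_network("0.0.0.0/0"), "wan"),          # default route
]

def route_lookup(dst):
    """Longest-prefix match on the destination address only."""
    hits = [(net, out) for net, out in ROUTES if ip_address(dst) in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def forward(pkt, policy):
    """Policy rules (in_if, field, port, out_if) win over the routing table."""
    for in_if, field, port, out_if in policy:
        if pkt["in_if"] == in_if and pkt[field] == port:
            return out_if
    return route_lookup(pkt["dst"])

# Only client-to-server traffic is diverted to the proxy.
FORWARD_ONLY = [("lan", "dport", 80, "proxy")]
# Replies arriving from the WAN with source port 80 are diverted as well.
BOTH = FORWARD_ONLY + [("wan", "sport", 80, "proxy")]

def trace(policy):
    """Egress interface for each leg of one tproxy-handled HTTP request."""
    c, s = "192.168.10.50", "203.0.113.7"      # constructed client and server
    legs = [
        # 1. client request enters on the LAN side
        {"in_if": "lan", "src": c, "dst": s, "sport": 40000, "dport": 80},
        # 2. proxy's own connection, source spoofed to the client (tproxy)
        {"in_if": "proxy", "src": c, "dst": s, "sport": 40001, "dport": 80},
        # 3. server reply to leg 2, addressed to the client's IP
        {"in_if": "wan", "src": s, "dst": c, "sport": 80, "dport": 40001},
        # 4. proxy's reply to the client, source spoofed to the server
        {"in_if": "proxy", "src": s, "dst": c, "sport": 80, "dport": 40000},
    ]
    return [forward(p, policy) for p in legs]

if __name__ == "__main__":
    print("forward rule only:", trace(FORWARD_ONLY))
    print("both directions:  ", trace(BOTH))
```

With the forward rule alone, leg 3 is sent straight out the LAN interface, because the reply is addressed to the client's IP and only the destination table is consulted; the client never opened that connection, so the proxy's session stalls.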