[squid-users] Squid Transparent HTTP Proxy - 2 ETH Links - HTTP Proxy

Wed Jun 14 14:16:01 UTC 2017

On Wednesday 14 June 2017 16:58:01 Eliezer  Croitoru wrote:

> It depends on the equipment..
> What you should do is to use the switch to pass all traffic to the squid mac
> address and mirror all traffic to the probe node.

http://wiki.squid-cache.org/ConfigExamples/#Interception may give you some 
useful guidelines, depending on what your equipment is.

Alternatively you could do policy routing on the "Core Router", giving the 
internal IP address of the Squid server as the gateway for HTTP/S traffic, and 
then you do the standard Intercept NAT on the Squid machine so that it gets 
processed.

http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect

Squid then has the "Internet Router" as its gateway to the outside.

The important thing is *not* to do any Destination NAT on traffic to try to get 
it to hit the Squid box.  The destination IPs of the packets must remain 
unchanged (ie: wherever they were trying to get to on the Internet).

Regards,

Antony.

> From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On
> Behalf Of Norbert Naveen
> Sent: Wednesday, June 14, 2017 4:30 PM
> To: squid-users at lists.squid-cache.org
> Subject: [squid-users] Squid Transparent HTTP Proxy - 2 ETH Links - HTTP
> Proxy
> 
> Hello Admins ,
> 
> Pls refer to the Image as in
> 
> https://drive.google.com/open?id=0B_dDVNpzSGEKZmFPWHFLWlJJMUU
> 
> The Setup will be as attached  in URL Above …
> Server which will Host Squid will have Two Interfaces with 2 Different VLAN
> Tags
> Content Inspection Engine will REROUTE all HTTP Traffic Through the Links
> coming to Squid Server .
> Squid Server has to act as TRANSPARENT PROXY
> 
> One Possible way of doing it IP tables and Masquerading SRC IP
> But … Without Changing Src or Dst IP address . How to achieve the same ?
> 
> ALL HTTP Traffic will be forward from 1 to 2 and Squid will be in between
> We will have to Forward all traffic on 1 to 2 .. ?

-- 
If you want to be happy for an hour, get drunk.
If you want to be happy for a year, get married.
If you want to be happy for a lifetime, get a garden.

                                                   Please reply to the list;
                                                         please *don't* CC me.