Re: [squid-users] Does it make sense to enable TPROXY for squid running on a gateway/firewall machine?

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Wed, 11 Apr 2007 23:44:36 +0200

On Wed 2007-04-11 at 18:23 +0100, Xudong Guan wrote:
> Hello all,
>
> First I would like to thank all the squid/tproxy developers for their
> wonderful work.
>
> I have one question about squid and tproxy. Given a typical LAN setup
> sharing a single Internet connection through a NAT gateway/firewall,
> with squid itself running on the gateway machine, working in
> interception mode, does it make sense to use TPROXY?

Not on a NAT gateway, no.

TPROXY makes sense if you do not NAT traffic. I.e. where the LAN clients
all have public IPs. For example a proxy running at an ISP.

> The current squid interception FAQ only provides tproxy configuration
> example using a router and a separate squid machine.

That's because in many environments where TPROXY is interesting the
network admins do not want to route all traffic via a Linux box, just
the web traffic..

But it works just as well when Squid is running on the router. Just a less
complex setup then, as there is no router configuration.. (no WCCP etc).

Regards
Henrik

Received on Wed Apr 11 2007 - 15:44:42 MDT
