Re: [squid-users] Question about configuration directive http_port

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 17 Oct 2011 17:12:11 +1300

On 17/10/11 15:29, - Mikael - wrote:
> What is the best http_port directive to use in this scenario?
>
> Squid has a public IP.
> All clients are behind NAT firewall with public IP.
> Firewall sends all NATed client traffic to Squid.
> Squid fetches the site, returns the hit back to the firewall which
> then forwards it to appropriate clients.

You seem to misunderstand the notion of HIT. Being that there is no fetch
performed by Squid on HITS. Squid only fetches MISS or revalidations.

> Clients are unaware of the squid proxying any traffic.
>
> Thanks.

Assuming the firewall is running on the same OS as Squid:
   * the "intercept" option. ("transparent" in older Squid).

Assuming the firewall is running on a different box or VM to Squid:
  * reconfigure to use policy routing or WCCP to get the packets to the
Squid box. NAT erases destination IP information required by Squid. It
_must not_ be done on an external machine.
  * implement NAT on the Squid box firewall and use "intercept".

Now, a bigger question is whether your Squid is built with support for
the particular firewall it is collaborating about NAT with?
  ./configure --enable-* options.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.16
   Beta testers wanted for 3.2.0.13
Received on Mon Oct 17 2011 - 04:12:28 MDT
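
The two-box layout from the reply above (policy routing on the firewall, NAT plus "intercept" on the Squid box), as an added example that is not part of the original mail. The interface eth0, the address 192.0.2.10, port 3129, mark 2 and routing table 100 are assumed values for a Linux iptables setup.

```shell
#!/bin/sh
# Added example, not from the original mail. Assumed values: interface eth0,
# Squid box 192.0.2.10, intercept port 3129, fwmark 2, routing table 100.
SQUID_IP=${SQUID_IP:-192.0.2.10}
LAN_IF=${LAN_IF:-eth0}
PORT=${PORT:-3129}

# Dry run by default: print each command. Set APPLY=1 (as root) to execute.
run() {
  if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Separate firewall/router box: policy routing only, no NAT target, so the
# packet reaches the Squid box with its original destination IP intact.
router_rules() {
  # Let the Squid box's own outbound fetches pass unmarked (avoids a loop).
  run iptables -t mangle -A PREROUTING -s "$SQUID_IP" -p tcp --dport 80 -j ACCEPT
  run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 -j MARK --set-mark 2
  run ip rule add fwmark 2 table 100
  run ip route add default via "$SQUID_IP" table 100
}

# Squid box: the NAT step happens here, where Squid can ask the local
# netfilter for the original destination.
squid_box_rules() {
  run iptables -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 -j REDIRECT --to-ports "$PORT"
  # Refuse connections made directly to the intercept port; mangle runs
  # before nat, so redirected traffic (still port 80 here) is not affected.
  run iptables -t mangle -A PREROUTING -p tcp --dport "$PORT" -j DROP
}

# Matching squid.conf line ("transparent" instead of "intercept" on older Squid).
squid_conf() {
  printf 'http_port %s intercept\n' "$PORT"
}

case "${1:-}" in
  router) router_rules ;;
  squid)  squid_box_rules; squid_conf ;;
esac
```

Run it with the argument router or squid to review the commands for that box before applying them with APPLY=1.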
