On 17/10/11 15:29, - Mikael - wrote:
> What is the best http_port directive to use in this scenario?
>
> Squid has a public IP.
> All clients are behind NAT firewall with public IP.
> Firewall sends all NATed client traffic to Squid.
> Squid fetches the site, returns the hit back to the firewall which
> then forwards it to appropriate clients.
You seem to misunderstand the notion of HIT. Being that there is no fetch
performed by Squid on HITS. Squid only fetches MISS or revalidations.
> Clients are unaware of the squid proxying any traffic.
>
> Thanks.
Assuming the firewall is running on the same OS as Squid:
* the "intercept" option. ("transparent" in older Squid).
Assuming the firewall is running on a different box or VM to Squid:
* reconfigure to use policy routing or WCCP to get the packets to the
Squid box. NAT erases destination IP information required by Squid. It
_must not_ be done on an external machine.
* implement NAT on the Squid box firewall and use "intercept".
Now, a bigger question is whether your Squid is built with support for
the particular firewall it is collaborating about NAT with?
./configure --enable-* options.
Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.16
  Beta testers wanted for 3.2.0.13

Received on Mon Oct 17 2011 - 04:12:28 MDT
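
The separate-box layout described in the reply above, as an added example that is not part of the original message or of the Squid project's own material: the router policy-routes port 80 traffic without NAT, the Squid box does the only NAT step, and a helper checks `squid -v` output for a NAT-lookup build option. It assumes Linux with iptables on both machines and Squid as a directly connected next hop; the address, port, interface, mark and table numbers are placeholders.

```shell
#!/bin/sh
# Added example. Assumed placeholders, not values from the thread:
SQUID_IP=192.0.2.10   # address of the Squid box
SQUID_PORT=3129       # squid.conf carries: http_port 3129 intercept
ROUTER_IF=eth1        # router interface facing the Squid box

# Print each command by default; set DRY_RUN=0 to execute as root.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }

# On the firewall/router: hand port-80 packets to Squid by policy
# routing only, so the original destination IP survives the hop.
router_rules() {
    # Squid's own outbound fetches must not be looped back to it.
    run iptables -t mangle -A PREROUTING -p tcp --dport 80 -s "$SQUID_IP" -j ACCEPT
    run iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 3
    run ip rule add fwmark 3 table 2
    run ip route add default via "$SQUID_IP" dev "$ROUTER_IF" table 2
}

# On the Squid box: the one place where NAT is applied.
squid_box_rules() {
    run iptables -t nat -A PREROUTING -s "$SQUID_IP" -p tcp --dport 80 -j ACCEPT
    run iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port "$SQUID_PORT"
    # Refuse connections made directly to the intercept port
    # (mangle runs before nat, so redirected traffic is unaffected).
    run iptables -t mangle -A PREROUTING -p tcp --dport "$SQUID_PORT" -j DROP
}

# $1 is the text printed by "squid -v". Succeeds when the build lists
# one of the ./configure options that enable NAT table lookups.
has_nat_support() {
    case "$1" in
        *--enable-linux-netfilter*|*--enable-pf-transparent*|\
        *--enable-ipf-transparent*|*--enable-ipfw-transparent*) return 0 ;;
        *) return 1 ;;
    esac
}
```

Call `router_rules` on the firewall and `squid_box_rules` on the proxy; with the default `DRY_RUN=1` both only print the commands for review.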