Re: [squid-users] Does Squid in transparent mode needs iptable rules?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 07 Dec 2010 21:38:47 +1300

On 07/12/10 19:16, Saurabh Agarwal wrote:
> Hi All
>
> Does squid running in transparent mode on port 3128 need explicit
> iptables rules to intercept port 80,8080 traffic and send it to port
> 3128 of squid?

Yes. NAT interception (aka "transparent mode") requires iptables NAT rules.

I would advise using a different port than 3128 or any commonly
associated with HTTP. It is only needed between Squid and iptables on
the local box, with some security vulnerabilities if it can be contacted
directly by forward-proxy traffic.

>
> Can httpd_accel_port acl be used instead of iptables rules for
> different destination ports?

httpd_accel_* options are all obsolete since 2.5.

Squid since 2.6 can receive traffic of each type simultaneously when
given the appropriate mode flag on separate http_port lines. Using one
port to receive more than one type of traffic leads to problems.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.9
   Beta testers wanted for 3.2.0.3
Received on Tue Dec 07 2010 - 08:38:54 MST
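The two steps in the reply above (NAT rules that redirect client web traffic to Squid, and separate http_port lines with their own mode flag) as one worked example. This is an added illustration, not code from the thread or from the Squid project. The interface name, client subnet and intercept port (3129, deliberately not 3128) are assumed values for a gateway box that runs both iptables and Squid; the `intercept` flag is the Squid 3.1 spelling, while Squid 2.7 uses `transparent` for the same mode.

```shell
#!/bin/sh
# Added example (not from the original thread). LAN_IF, LAN_NET and
# INTERCEPT_PORT are assumed values for a gateway running Squid; adjust them.
LAN_IF="${LAN_IF:-eth1}"                    # interface facing the clients (assumed)
LAN_NET="${LAN_NET:-192.168.1.0/24}"        # client subnet (constructed value)
INTERCEPT_PORT="${INTERCEPT_PORT:-3129}"    # dedicated intercept port, not 3128
MODE_FLAG="${MODE_FLAG:-intercept}"         # 'intercept' on Squid 3.1, 'transparent' on 2.7

# NAT rules: redirect web traffic (ports 80 and 8080 from the question) that
# arrives from the client subnet on the LAN interface to Squid's intercept port.
# The redirect must happen on the same box as Squid so it can look up the
# original destination in the NAT table.
nat_rules() {
    for p in 80 8080; do
        printf 'iptables -t nat -A PREROUTING -i %s -s %s -p tcp --dport %s -j REDIRECT --to-ports %s\n' \
            "$LAN_IF" "$LAN_NET" "$p" "$INTERCEPT_PORT"
    done
}

# Filter rules: the intercept port is only meant for redirected traffic, so
# accept it from the LAN interface only and drop direct connections arriving
# on any other interface (e.g. the WAN side).
filter_rules() {
    printf 'iptables -A INPUT -i %s -s %s -p tcp --dport %s -j ACCEPT\n' \
        "$LAN_IF" "$LAN_NET" "$INTERCEPT_PORT"
    printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$INTERCEPT_PORT"
}

# squid.conf fragment: one http_port line per traffic type, each with its own
# mode flag, instead of mixing forward-proxy and intercepted traffic on one port.
squid_conf() {
    printf '# forward-proxy traffic from browsers configured to use the proxy\n'
    printf 'http_port 3128\n'
    printf '# intercepted traffic arrives on a separate port with its mode flag\n'
    printf 'http_port %s %s\n' "$INTERCEPT_PORT" "$MODE_FLAG"
}

# Print the rules by default; apply them only when explicitly asked (as root).
case "${1:-}" in
    apply) { nat_rules; filter_rules; } | sh ;;
    *)     nat_rules; filter_rules; printf -- '--- squid.conf ---\n'; squid_conf ;;
esac
```

Run without arguments to review the generated rules and the squid.conf fragment; run with `apply` as root to execute the iptables commands. Rules are appended, so flush or inspect the nat and filter tables first on a box that already has rules.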
