On 23/05/11 18:37, Tux Mason wrote:
> Hello,
>
>> The global connections will go back to the Cisco with the Squid box IP and then go through whatever border NAT you have in place. The private client> IP will never touch the global Internet directly.
>
> Please explain.
That was the simple explanation. There is a diagram below that may help.
>
>>> As it stands you can track the internal LAN PC behaviour directly from the
>>> Squid logs without having to record and lookup NAT conversions after the
>>> fact.
>
> I have the squid box on a public subnet. Traffic from the client gets
> to the squid box with a private IP. From the netstat output,
> the squid box replies to the client directly using it's private IP
> which cannot be routed.
>
> That is why I was looking for a way of making the router NAT the wccp
> traffic. This would ensure traffic gets to the squid box
> with the router's public IP. The squid box can then send replies back
> to the router which then checks it's nat table and sends
> the reply to the client pc from which the request originated.
Using the diagram on http://wiki.squid-cache.org/Features/Wccp as a
reference.
NOTE: the green is actually a tunnel. Inside it is the blue.
You are considering SNAT the blue link traffic at the router end. In
order to bend the purple back to the router and DNAT in the middle.
Could work.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.12 Beta testers wanted for 3.2.0.7 and 3.1.12.1Received on Mon May 23 2011 - 13:57:40 MDT
This archive was generated by hypermail 2.2.0 : Mon May 23 2011 - 12:00:02 MDT