Re: [squid-users] Non-transparent port works, transparent doesn't

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 18 Oct 2011 23:33:09 +1300

On 18/10/11 22:57, zozo zozo wrote:
> So does it mean Squid works only with NAT-ted packets? Should it not accept direct connection to the port?

No, and no. You configured this port as receiving NAT traffic, that is
what Squid is expecting there. Any other traffic to this particular port
is an error.

> Or does it check iptables for forwarding entries?

Yes. The intercept flag causes that. If NAT fails, the requests are
rejected.

I'm not sure why it's doing a TCP reset in your case. You should be
seeing a 409 error message instead.

>
> Does it mean that now intercepting squid can only work on the gateway machine?

No. It means that routers like yours need to be configured for policy
routing (aka "packet forwarding") instead of NAT port mapping (aka "port
forwarding").

This config was written particularly for the *WRT use case (but applies
to any Linux router):
  http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute

> Makes little sense to me - I'm using HTTP port forwarding from DD-WRT router to the server, obviously I can't have squid on router.
>
> On Ubuntu I have Squid v3.1.11, is it new feature in 3.2?

Yes.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.16
   Beta testers wanted for 3.2.0.13
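The lookup Amos describes above (the intercept flag makes Squid consult the kernel's NAT table for each accepted connection and reject the request when that lookup yields nothing usable), shown as an added Python example. This is not Squid's code and not part of the original thread; the accept/reject rule in classify() is a simplified version written for this illustration. It assumes Linux (SO_ORIGINAL_DST = 80 from linux/netfilter_ipv4.h, which Python's socket module does not export), the default port 3129 and all sample addresses are constructed, and the iptables rule quoted in serve_one() is only there to let a reader exercise the accepted path on a test box.

```python
"""Illustrate the NAT-table lookup a Squid 'intercept' port performs on
every accepted connection, and why only traffic NATed on this host passes.

Added example for this thread, not Squid's own code. Linux-only: it uses
SO_ORIGINAL_DST, whose value is taken from <linux/netfilter_ipv4.h>.
"""
import socket
import struct

SOL_IP = 0            # level for IP-layer socket options
SO_ORIGINAL_DST = 80  # linux/netfilter_ipv4.h (assumed constant value)


def pack_sockaddr_in(ip, port):
    """Build a struct sockaddr_in as the kernel returns it (used here to
    construct sample buffers; the layout mirrors parse_sockaddr_in)."""
    return (struct.pack("=H", socket.AF_INET)   # sa_family, native order
            + struct.pack("!H", port)           # sin_port, network order
            + socket.inet_aton(ip)              # sin_addr
            + b"\0" * 8)                        # sin_zero padding


def parse_sockaddr_in(raw):
    """Unpack the struct sockaddr_in returned by SO_ORIGINAL_DST.

    Layout: sa_family (native uint16), sin_port (network uint16),
    sin_addr (4 bytes), then 8 bytes of padding. Returns (ip, port).
    """
    if len(raw) < 8:
        raise ValueError("short sockaddr_in")
    (family,) = struct.unpack("=H", raw[0:2])
    if family != socket.AF_INET:
        raise ValueError("not an AF_INET address: family=%d" % family)
    (port,) = struct.unpack("!H", raw[2:4])
    return socket.inet_ntoa(raw[4:8]), port


def original_destination(conn):
    """Return the (ip, port) the client really dialled, taken from this
    host's conntrack/NAT table, or None if there is no usable entry.

    This is the lookup the 'intercept' flag turns on. The table consulted
    is this host's own, so a rewrite done on another box (router port
    forwarding) leaves nothing to find here.
    """
    try:
        raw = conn.getsockopt(SOL_IP, SO_ORIGINAL_DST, 16)
        return parse_sockaddr_in(raw)
    except (OSError, ValueError):
        # ENOENT: no conntrack entry; ENOPROTOOPT: no conntrack support
        return None


def classify(original_dst, local_addr):
    """Decide what to do with a connection arriving on an intercept port.

    original_dst: (ip, port) from the NAT table, or None
    local_addr:   (ip, port) the listening socket is bound to

    Returns (accept, detail). Simplified rule for this example:
      no NAT entry                     -> reject (Squid 3.2 answers 409)
      NAT destination is our own port  -> reject: nothing was rewritten on
                                          this host, i.e. a direct connect
                                          or a port forward done elsewhere
      anything else                    -> accept, forward to original_dst
    """
    if original_dst is None:
        return False, "no NAT entry"
    if original_dst == local_addr:
        return False, "direct connection, not intercepted on this host"
    return True, "%s:%d" % original_dst


def serve_one(bind_ip="127.0.0.1", port=3129):
    """Accept one connection on an 'intercept' port and report the verdict.

    Run it, then try a direct `nc 127.0.0.1 3129` (rejected) and a
    connection to port 80 redirected on the same host with
      iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 3129
    (accepted, with the real destination recovered from the NAT table).
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((bind_ip, port))
        srv.listen(1)
        conn, peer = srv.accept()
        with conn:
            local = conn.getsockname()[:2]
            orig = original_destination(conn)
            ok, detail = classify(orig, local)
            print("peer=%s:%d orig_dst=%s local=%s -> %s (%s)"
                  % (peer[0], peer[1], orig, local,
                     "accept" if ok else "reject", detail))
            return ok, detail


if __name__ == "__main__":
    serve_one()
```

The reason the DD-WRT port forward ends up in the "direct connection" branch is that conntrack is per host: the router's DNAT has already rewritten the destination to the Squid box before the packet arrives, so the Squid box's own table records the proxy's address as the original destination and there is nothing to recover. With policy routing the packet reaches the Squid box with its real destination intact, the REDIRECT rule on that box does the rewrite, and the lookup returns the server the client actually wanted.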
Received on Tue Oct 18 2011 - 10:33:16 MDT
