On 21.03.2012 06:36, Zhu, Shan wrote:
> Hi, Gareth and others,
>
> My situation is like part of you said, I am using the proxy server as
> a "gateway" and the clients are not aware of it.
>
> I am setting the squid to run on port 80, with only this
> configuration.
>
> ***
> http_port 80 transparent
> ***
>
> For experiment, I have no rules in IP tables, and it's turned off.
You sure about that? somehow packets from client are being NAT'd to
arrive at Squids IP address.
When they leave the client they say something like "destination
10.0.0.4:80" and for squid to pick them up they have to say something
like "destination 127.0.0.1:80" (or any of the IP addresses assigned to
the Squid box).
> It's basically working, at least for HTTP for now.
>
> Please also check this post:
> http://www.deckle.co.za/squid-users-guide/Transparent_Caching/Proxy
>
As opposed to the wiki maintained by the Squid authors:
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat
> From: GarethC
>
> If you set your Squid server to run on port 80, you could still run
> it as a transparent proxy, you would still need to do the port
> forwarding from your firewall to the Squid server.
>
such as:
iptables ... --dport 80 -j DNAT --to $SQUIDIP:80
Amos
Received on Tue Mar 20 2012 - 22:49:15 MDT
This archive was generated by hypermail 2.2.0 : Wed Mar 21 2012 - 12:00:03 MDT