Re: [squid-users] Re: Traffic redirection

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 26 Jul 2012 15:11:30 +1200

On 26.07.2012 13:54, Abhishek Chanda wrote:
> Hi all,
>
> I observed two more things:
> 1. I ran Wireshark on the Squid box and observed that the client is
> looking for a service called ndl-aas on port 3128. But no such service
> is running on the system.

Normal if your /etc/services is listing the IANA registrations instead
of the SANS registrations.

You can change the port 3128 entry in that file to "http-proxy" to make
it show Squid more clearly.

> 2. netstat shows that Squid listens on IPv6 addresses (shows tcp6 for
> port 3128).
>
> Are these normal and expected?

Normal for IPv6-enabled Squid.

>
> Thanks
>
> On Wed, Jul 25, 2012 at 5:26 PM, Abhishek Chanda wrote:
>> Hi all,
>>
>>
>> I am trying to set up a topology like the one shown below where Squid
>> will be a transparent proxy. I have a restriction so that I cannot use
>> iptables to redirect traffic to Squid. So, there is a daemon in Box
>> that captures http traffic from Client and re-writes its Destination
>> IP to point to Squid and destination port to 3128. All boxes can
>> access each other. The problem is, I ran tcpdump on all boxes and I do
>> see traffic arriving at Squid, but Squid does not register a MISS or
>> HIT. The actual data still comes from Apache. Do I need to re-write
>> any HTTP header or some other configuration for this?
>>
>> Client ------- Box ------- Squid --------- Apache
>>
>> Thanks

Squid version?

Squid requires some way to determine that the mapping has taken place,
and to identify what the original details were.
The standard NAT functionality on your box usually provides this for
DNAT via socket options.

Question is why you can't use the built-in software?

Amos
Received on Thu Jul 26 2012 - 03:11:36 MDT
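
Added example (not part of the original message and not Squid's own code): on Linux, one socket option that exposes the pre-DNAT destination to a listening process is netfilter's `SO_ORIGINAL_DST`, and the Python below reads and decodes it. The function names, the listener address and the sample bytes are constructed for illustration.

```python
import errno
import socket
import struct

SO_ORIGINAL_DST = 80  # value from <linux/netfilter_ipv4.h>; Python's socket module has no name for it

def parse_sockaddr_in(raw):
    """Decode a struct sockaddr_in: family (host order), port and address (network order)."""
    if len(raw) < 8:
        raise ValueError("short sockaddr_in")
    (family,) = struct.unpack_from("=H", raw, 0)
    if family != socket.AF_INET:
        raise ValueError("not an AF_INET address")
    (port,) = struct.unpack_from("!H", raw, 2)
    return socket.inet_ntoa(raw[4:8]), port

def original_dst(conn):
    """Ask the local kernel for the destination the client dialled before DNAT.
    Returns None when this host has no connection-tracking record for the socket."""
    try:
        raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16)
    except OSError as exc:
        if exc.errno in (errno.ENOENT, errno.ENOPROTOOPT):
            return None
        raise
    return parse_sockaddr_in(raw)

def nat_mapping(orig, local):
    """Return the pre-NAT destination only if it differs from the address the listener accepted on."""
    if orig is None or orig == local:
        return None
    return orig

# Constructed sample: what the kernel returns for a connection DNATed from 192.0.2.10:80.
SAMPLE = (struct.pack("=H", socket.AF_INET) + struct.pack("!H", 80)
          + socket.inet_aton("192.0.2.10") + bytes(8))

if __name__ == "__main__":
    listener = ("10.0.0.5", 3128)  # constructed listener address
    print(nat_mapping(parse_sockaddr_in(SAMPLE), listener))  # DNAT done on this host
    print(nat_mapping(None, listener))                       # no record on this host
    print(nat_mapping(listener, listener))                   # tracked, but never rewritten here
```

When the destination is rewritten on a different machine, as in the topology in the quoted question, the proxy host's kernel only ever sees the already-rewritten packets, so the lookup falls into one of the last two cases and the original destination is not recoverable from the socket.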
