Re: [squid-users] squid transparent nat interception

From: Pawel Mojski <>
Date: Wed, 29 Aug 2012 16:30:25 +0200

On 29-Aug-12 16:11, Pawel Mojski wrote:
> On 29-Aug-12 15:20, Pawel Mojski wrote:
>> [...]
>>> No, they are not.
>>> First of all, the problem appears even with no redirection. For
>>> example:
>>> If I start squid, then telnet localhost 8081, then do:
>>> GET / HTTP/1.0
>>> Host:
>> [...]
>> To be a little more specific, here is some example.
> [...]
> It has to be a bug in (maybe any 3.2.0.x - is that
> one which I use).
> When I downgraded to 3.1.19 all problems disappeared (on the same
> config file).

OK, I figured out what the problem is, but I have no idea how to fix it.
In 3.1.19 transparent NAT works in a simple scenario:
a TCP connection was established with the client, then the Host: header was read
and a new connection between squid and the remote server (resolved from the Host
header) was established.

In it works another way. Squid connects to the IP address
taken from the destination address in the TCP packet received by squid.
So, if I'm using DNAT (not REDIRECT in iptables), the original
destination address is replaced with the squid IP address, so squid is
connecting to itself.
Just like with my telnet demo: the destination address was the squid address, so
squid was connecting in a loop to itself.

So, is it possible to do it in 3.1 style? I cannot use REDIRECT because
squid is not a router and is not even in the same subnet as the other
clients. The only way to deploy my scenario is using DNAT over the internet.

Please. Help.

Received on Wed Aug 29 2012 - 14:30:36 MDT
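
An added illustration, not part of the original post and not Squid's code: on Linux netfilter, an intercepting proxy reads the pre-NAT destination from the local conntrack table with `getsockopt(SO_ORIGINAL_DST)`, so a DNAT done on a different host leaves it with only its own address. The sketch decodes that value and flags the self-connection before any upstream connect; the function names and the 192.0.2.x / 203.0.113.x addresses are assumptions, and the sample structs are constructed.

```python
import ipaddress
import socket
import struct

# Value from <linux/netfilter_ipv4.h>; Python's socket module does not export it.
SO_ORIGINAL_DST = 80


def parse_sockaddr_in(raw):
    """Decode the 16-byte struct sockaddr_in returned by SO_ORIGINAL_DST."""
    # Layout: 2 bytes family (host order, skipped), 2 bytes port, 4 bytes IPv4.
    port, packed_ip = struct.unpack_from("!2xH4s", raw)
    return str(ipaddress.IPv4Address(packed_ip)), port


def original_dst(conn):
    """Live lookup on an accepted, intercepted IPv4 socket (Linux only)."""
    return parse_sockaddr_in(conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))


def pick_upstream(orig_dst, proxy_listeners):
    """Return (target, is_loop) for a proxy that connects to the recorded
    destination instead of resolving the Host: header."""
    return orig_dst, orig_dst in proxy_listeners


def make_sockaddr_in(ip, port):
    """Build a constructed sample of what the kernel would hand back."""
    return (struct.pack("=H", socket.AF_INET)
            + struct.pack("!H4s", port, socket.inet_aton(ip))
            + bytes(8))


# Hypothetical proxy address; port 8081 is the one used in the telnet test.
PROXY_LISTENERS = {("192.0.2.5", 8081)}

# Case 1: REDIRECT on the proxy host itself. Local conntrack still holds the
# address the client originally dialled.
LOCAL_REDIRECT = make_sockaddr_in("203.0.113.10", 80)

# Case 2: DNAT on a remote router. The packet arrives already addressed to the
# proxy, so the proxy's own address is all the local lookup can return.
REMOTE_DNAT = make_sockaddr_in("192.0.2.5", 8081)


if __name__ == "__main__":
    for label, raw in (("local REDIRECT", LOCAL_REDIRECT),
                       ("remote DNAT", REMOTE_DNAT)):
        target, loop = pick_upstream(parse_sockaddr_in(raw), PROXY_LISTENERS)
        print(f"{label}: upstream={target} loop={loop}")
```
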
