On Fri, Jan 14, 2005 at 10:55:49AM -0500, Jason Opperisano wrote:
> yeah--the same thing that everyone misses when they try and DNAT onto
> the same local network:
>
> 1) client (192.168.0.100) sends TCP SYN to 192.168.0.10 port 3128
> 2) proxyA (192.168.0.10) DNATs the packet to 192.168.0.11
> 3) proxyB (192.168.0.11) receives SYN from 192.168.0.100 and replies
>    directly with SYN/ACK
> 4) client (192.168.0.100) receives SYN/ACK from 192.168.0.11 and drops
>    it, as client never sent a SYN to 192.168.0.11.
>
> sound familiar?  it feels familiar to me as i type it once again.

Will it help if I move the second squid proxy to the DMZ in 10.10.10.3?

With warm regards,
-Payal
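
The four steps quoted above, and the DMZ variant asked about, traced as a small Python model. This is an added example, not part of the original mail. It ignores source ports, assumes the LAN is 192.168.0.0/24, and assumes the DMZ host's route back to the LAN passes through the DNAT box, which the thread does not state.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.0.0/24")   # assumed prefix length
CLIENT, NAT_BOX, PORT = "192.168.0.100", "192.168.0.10", 3128

def on_lan(addr):
    return ipaddress.ip_address(addr) in LAN

def handshake(backend, client=CLIENT, nat_box=NAT_BOX, port=PORT):
    """Trace SYN and SYN/ACK for a DNATed connection; return (accepted, trace)."""
    trace = [f"SYN     {client} -> {nat_box}:{port}"]
    dialed = nat_box                      # the only peer the client's TCP stack expects
    # DNAT rewrites the destination only; the source stays the client's address.
    # The NAT box remembers the original destination so it can undo the rewrite.
    conntrack = {(client, backend, port): nat_box}
    trace.append(f"DNAT    {client} -> {backend}:{port}")
    if on_lan(backend) and on_lan(client):
        # Client is on-link for the backend: the reply is delivered directly
        # and never crosses the NAT box, so nothing restores the source.
        reply_src = backend
        trace.append(f"SYN/ACK {reply_src}:{port} -> {client} (direct, bypasses {nat_box})")
    else:
        # Assumption: the backend's route to the LAN goes through the NAT box,
        # which matches the conntrack entry and reverses the DNAT.
        reply_src = conntrack[(client, backend, port)]
        trace.append(f"SYN/ACK {backend}:{port} -> {client} via {nat_box}, source restored to {reply_src}")
    accepted = reply_src == dialed
    trace.append("client: " + ("accepts, handshake continues" if accepted
                               else f"drops it, never sent a SYN to {reply_src}"))
    return accepted, trace

if __name__ == "__main__":
    for backend in ("192.168.0.11", "10.10.10.3"):
        ok, trace = handshake(backend)
        print(f"--- backend {backend}: {'OK' if ok else 'FAILS'}")
        print("\n".join("  " + line for line in trace))
```
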