Nathan Eady wrote:
Marcus Kool <marcus.kool@xxxxxxxxxxxxxxx> writes:
The story about Squid and HTTP 1.1 is long...
Holy cow, it would have to be. Squid is barely even older than HTTP 1.1.
To get your LiveUpdate working ASAP you might want to
fiddle with the firewall rules and to NOT redirect
port 80 traffic of Symantec servers to Squid, but
simply let the traffic pass.
*Groan*. Yeah, okay, I will look into that.
Off the top of my head, I don't actually know HOW to exclude certain
traffic from prerouting that would otherwise match the rule. (Does
REJECT even make sense in the context of the nat table?) I'll have to
look that up, I guess. I've been writing firewall rulesets long
enough to remember the transition from IP Chains to IP Tables, but
this is not something that has ever come up. But the documentation
presumably covers it...
right REJECT is on its way to be obsolete in the nat table.
Use RETURN instead on a line just before the DNAT/REDIRECT.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
Current Beta Squid 3.1.0.6
