Re: Does Squid in transparent mode needs iptable rules?


On 07/12/10 19:16, Saurabh Agarwal wrote:
> Hi All
>
> Does squid running in transparent mode on port 3128 need explicit
> iptables rules to intercept port 80,8080 traffic and send it to port
> 3128 of squid?

Yes. NAT interception (aka "transparent mode") requires iptables NAT rules.

I would advise using a different port than 3128 or any commonly associated with HTTP. It is only needed between Squid and iptables on the local box, with some security vulnerabilities if it can be contacted directly by forward-proxy traffic.


> Can httpd_accel_port acl be used instead of iptables rules for
> different destination ports?

httpd_accel_* options are all obsolete since 2.5.

Squid since 2.6 can receive traffic of each type simultaneously when given the appropriate mode flag on separate http_port lines. Using one port to receive more than one type of traffic leads to problems.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.9
  Beta testers wanted for 3.2.0.3
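
The setup described in the reply above, as an added example that is not part of the original message or of Squid's own documentation: a script that prints (without applying) the iptables rules and the matching http_port lines, with interception on its own port and direct connections to that port dropped. Assumptions: port 3129 for interception, the Squid 3.1 `intercept` flag (2.6 and 2.7 spell it `transparent`), Squid running on the gateway itself, and destination ports 80 and 8080 taken from the question.

```shell
#!/bin/sh
# Added example: prints rules for review; nothing is applied to the system.
# All port values below are assumptions and can be overridden from the environment.

INTERCEPT_PORT="${INTERCEPT_PORT:-3129}"   # used only between iptables and Squid
FORWARD_PORT="${FORWARD_PORT:-3128}"       # ordinary forward-proxy port
WEB_PORTS="${WEB_PORTS:-80 8080}"          # destination ports to intercept

squid_conf_lines() {
    # One http_port line per traffic type, each on a separate port.
    echo "http_port ${FORWARD_PORT}"
    echo "http_port ${INTERCEPT_PORT} intercept"
}

iptables_rules() {
    # Refuse to share one port between forward-proxy and intercepted traffic.
    if [ "$INTERCEPT_PORT" = "$FORWARD_PORT" ]; then
        echo "error: interception and forward-proxy ports must differ" >&2
        return 1
    fi
    for p in $WEB_PORTS; do
        # NAT: web traffic routed through this box is handed to Squid.
        echo "iptables -t nat -A PREROUTING -p tcp --dport ${p} -j REDIRECT --to-ports ${INTERCEPT_PORT}"
    done
    # mangle PREROUTING is evaluated before nat PREROUTING, so it still sees
    # the original destination port: only packets addressed directly to the
    # interception port match here, and redirected web traffic does not.
    echo "iptables -t mangle -A PREROUTING -p tcp --dport ${INTERCEPT_PORT} -j DROP"
}

# Print both fragments when the script is run.
echo "# squid.conf"
squid_conf_lines
echo "# iptables (run as root after review)"
iptables_rules
```
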

