On 07/12/10 19:16, Saurabh Agarwal wrote:
> Hi All
> Does squid running in transparent mode on port 3128 need explicit
> iptables rules to intercept port 80,8080 traffic and send it to port
> 3128 of squid?

Yes. NAT interception (aka "transparent mode") requires iptables NAT rules.
I would advise using a different port than 3128 or any commonly
associated with HTTP. It is only needed between Squid and iptables on
the local box, with some security vulnerabilities if it can be contacted
directly by forward-proxy traffic.

> Can httpd_accel_port acl be used instead of iptables rules for
> different destination ports?

httpd_accel_* options are all obsolete since 2.5.
Squid since 2.6 can receive traffic of each type simultaneously when
given the appropriate mode flag on separate http_port lines. Using one
port to receive more than one type of traffic leads to problems.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.9
Beta testers wanted for 3.2.0.3
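
The advice in the reply above, turned into a squid.conf check. This is an added example, not part of the original message or of Squid itself; the finding codes, the set of ports treated as commonly associated with HTTP, and both sample configurations are assumptions constructed for illustration.

```python
import re

# Assumption: the ports this check treats as "commonly associated with HTTP".
COMMON_HTTP_PORTS = {80, 8080, 3128}
# Interception flags: "transparent" (Squid 2.6-3.0), "intercept" (3.1+), "tproxy".
INTERCEPT_FLAGS = {"transparent", "intercept", "tproxy"}
MODE_FLAGS = INTERCEPT_FLAGS | {"accel"}

def audit(conf_text):
    """Return (line_no, finding_code) pairs for squid.conf text."""
    findings, seen = [], {}  # seen maps port -> mode of its first http_port line
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        if tokens[0].startswith("httpd_accel_"):
            findings.append((line_no, "obsolete-directive"))
        if tokens[0] != "http_port" or len(tokens) < 2:
            continue
        # Accepts "3129", "192.0.2.1:3129" and "[::1]:3129".
        match = re.search(r"(\d+)$", tokens[1])
        if not match:
            continue
        port = int(match.group(1))
        modes = MODE_FLAGS.intersection(tokens[2:])
        mode = "/".join(sorted(modes)) or "forward"
        if modes & INTERCEPT_FLAGS and port in COMMON_HTTP_PORTS:
            findings.append((line_no, "intercept-on-common-port"))
        if seen.setdefault(port, mode) != mode:
            findings.append((line_no, "port-mode-conflict"))
    return findings

# Constructed sample: the setup asked about, one port doing everything.
WEAK = """\
httpd_accel_port 80
http_port 3128 transparent
http_port 3128
"""

# Constructed sample: forward proxy on 3128, interception on its own port.
# The NAT rule would then target 3129, for example:
#   iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3129
FIXED = """\
http_port 3128
http_port 3129 intercept
"""

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, audit(conf))
```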