On 23/05/11 18:37, Tux Mason wrote:
Hello,
The global connections will go back to the Cisco with the Squid box IP and then go through whatever border NAT you have in place. The private client> IP will never touch the global Internet directly.
Please explain.
That was the simple explanation. There is a diagram below that may help.
As it stands you can track the internal LAN PC behaviour directly from the
Squid logs without having to record and lookup NAT conversions after the
fact.
I have the squid box on a public subnet. Traffic from the client gets
to the squid box with a private IP. From the netstat output,
the squid box replies to the client directly using it's private IP
which cannot be routed.
That is why I was looking for a way of making the router NAT the wccp
traffic. This would ensure traffic gets to the squid box
with the router's public IP. The squid box can then send replies back
to the router which then checks it's nat table and sends
the reply to the client pc from which the request originated.
Using the diagram on http://wiki.squid-cache.org/Features/Wccp as a
reference.
NOTE: the green is actually a tunnel. Inside it is the blue.
You are considering SNAT the blue link traffic at the router end. In
order to bend the purple back to the router and DNAT in the middle.
Could work.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.12
Beta testers wanted for 3.2.0.7 and 3.1.12.1
