Hello * I work at a small ISP. We give non routeable IPs 172.16/12 IPs to most of our customers, and some of them buys publics IPs from us. We have a squid box in the public segment of our network Until now we were NATing at mikrotiks outgoing tcp/80 connections to the squid public ip ( 200.45.94.2 ). This worked quite good, but lately we have an issue with forwarding loops such as: at cache.log 2011/11/20 15:15:09| WARNING: Forwarding loop detected for: POST /versioncheck.asp HTTP/1.1 Content-Type: application/x-www-form-urlencoded Pragma: no-cache Content-Length: 75 Via: 1.0 powerweb.iaconecta.com (squid/3.1.12) X-Forwarded-For: 200.45.94.7 Host: 200.45.94.2:31280 Cache-Control: max-age=259200 Connection: keep-alive And at access.log 1324811063.537 4 200.45.94.2 TCP_MISS/400 69381 POST http://200.45.94.2:31280/versioncheck.asp - DIRECT/200.45.94.2 text/html 1324811063.538 6 200.45.94.2 TCP_MISS/400 69467 POST http://200.45.94.2:31280/versioncheck.asp - DIRECT/200.45.94.2 text/html [....] Reading at squid site, looks like NATting outgoing connections to a squid running on an other box is not a good idea. Questions: What is the suggested way to implement this scenario? How can I get rid of the loop? THanks in advance.
