On 3/20/2012 1:23 PM, Zhu, Shan wrote:
> Hi, all,
> I have a fundamental question that, after studying books and on-line documents, I still cannot answer myself.
> That is, when configuring Squid for transparent caching, why do we need to forward HTTP from Port 80 to Port 3128? What makes it necessary? If we just let Squid listen on Port 80, what would make the difference?
> Can anyone help answer this question?
> Thanks,
> Shan

When you configure Squid to work as a transparent proxy it gets the ability to
understand HTTP queries in two different protocols: as an HTTP server
and as an HTTP proxy.

The client is not aware that the proxy is in the middle of its
connection. So it will speak as if it were talking to an HTTP server on
the internet.
So, for example, it will try to TCP connect using the HTTP protocol to an IP
at 8.8.8.8:80

Even if you put Squid to listen on port 80 on your gateway, the client
is asking to connect to 8.8.8.8:80 on the internet, so the connection will
be routed there.

So, using the extremely powerful Linux firewall, you are to redirect
that connection to the correct IP:PORT your Squid is listening on.
In a sense you are changing the destination IP of the connection, like a
-j DNAT.

This is different to the case where the client knows of the proxy's
existence, and does a connection using proxy protocol to the proxy
IP:PORT, and no redirection is needed.

Regards
Sebastian
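
The two request styles described in the reply above, as an added example that is not part of the original thread and is not Squid's code: it classifies a request as intercepted (server-style) or explicit-proxy (proxy-style) and works out where it should go upstream. The function names, the sample requests and the original_dst parameter are assumptions made for illustration.

```python
# Added example, not from the thread. Names and sample requests are constructed.
from urllib.parse import urlsplit

def parse_head(raw: bytes):
    """Split a raw HTTP/1.x request head into (method, target, headers)."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def split_host_port(value: str, default_port: int):
    """'host:port' -> (host, port); a bare host gets default_port."""
    host, sep, port = value.rpartition(":")
    return (host, int(port)) if sep and port.isdigit() else (value, default_port)

def upstream_target(raw: bytes, original_dst=None):
    """Return (mode, host, port, path) for one request.

    original_dst is the (ip, port) the client actually dialled before the
    firewall redirected the connection; here the caller passes it in
    (assumption), a real interceptor reads it from the kernel's NAT state.
    """
    _method, target, headers = parse_head(raw)
    if target.lower().startswith("http://"):
        # Absolute-form: the client knows about the proxy and names the
        # origin in the request line, so no redirection is involved.
        url = urlsplit(target)
        path = (url.path or "/") + ("?" + url.query if url.query else "")
        return ("explicit-proxy", url.hostname, url.port or 80, path)
    # Origin-form: the client believes it is talking to the web server itself.
    if original_dst is None:
        raise ValueError("origin-form request without an original destination")
    if "host" in headers:
        # Host is client-supplied text; original_dst is what the firewall saw.
        host, port = split_host_port(headers["host"], original_dst[1])
        return ("intercepted", host, port, target)
    return ("intercepted", original_dst[0], original_dst[1], target)

# Constructed sample requests; 8.8.8.8:80 is the destination used in the reply.
INTERCEPTED = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
EXPLICIT = b"GET http://www.example.com/index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"

if __name__ == "__main__":
    print(upstream_target(INTERCEPTED, original_dst=("8.8.8.8", 80)))
    print(upstream_target(EXPLICIT))
```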