On 21.03.2012 05:32, Eliezer Croitoru wrote:
On 20/03/2012 18:23, Zhu, Shan wrote:
Hi, all,
I have a fundamental question that, after studying books and on-line
documents, I still cannot answer it myself.
That is, when configuring Squid for transparent caching, why do we
need to forward HTTP from Port 80 to Port 3128? What makes it
necessary? If we just let Squid listen on Port 80, what would make
the difference?
Can anyone help answer this question?
Have you thought about it that the client is not asking for port 80 of
the squid server\gateway?
so...
If you don't understand it, I will be glad to explain it to you on the
squid irc channel or via email.
True. The Squid listening port number is irrelevant.
The critical thing to know is that no traffic is safe to connect
directly to the port Squid listens on. It is a very good idea to
firewall it completely sealed on the Squid box at some point before NAT.
NAT being second so packets will arrive there even when it is fully
locked down.
I advise against using port-80 and 3128, because 80 is the officially
registered HTTP port and you may want to do other things with it, and
3128 is the official proxy port. You probably want to keep 3128 open for
proxy management requests or error page embedded object delivery (you
could pick another port for regular proxy use though).
Amos
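
The firewall ordering described in the reply above, as an added example that is not part of the original thread: a shell function that emits an iptables-restore ruleset which drops direct connections to the interception port in the mangle table while the nat table redirects port 80 to it. The interception port 3129, the use of iptables, the squid.conf lines in the comments and the function names are assumptions, not taken from the messages.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for a Squid interception port.
# Assumed squid.conf to match: "http_port 3128" (regular proxy use) and
# "http_port 3129 intercept" (receives only NAT-redirected traffic).

# valid_intercept_port PORT: succeeds if PORT is numeric, in range, and
# not one of the two ports the advice above says to keep for other uses.
valid_intercept_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || return 1
    [ "$1" -ne 80 ] && [ "$1" -ne 3128 ] || return 1
    return 0
}

# intercept_rules PORT: print the ruleset on stdout, or fail on a bad port.
intercept_rules() {
    if ! valid_intercept_port "$1"; then
        echo "refusing intercept port: $1" >&2
        return 1
    fi
    cat <<EOF
*mangle
:PREROUTING ACCEPT [0:0]
# mangle PREROUTING runs before nat PREROUTING, so a packet that still has
# the intercept port as its destination here was sent to Squid directly.
-A PREROUTING -p tcp --dport $1 -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
# Port-80 traffic passed the mangle rule untouched; only now is its
# destination rewritten to the intercept port on this box.
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports $1
COMMIT
EOF
}

# Print the ruleset for the assumed port; review it, then load it with
# iptables-restore (which replaces the listed tables unless --noflush is given).
intercept_rules "${1:-3129}"
```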