On 31-Aug-12 03:41, Amos Jeffries wrote:
[...]
Pawel started his problem description with "on the gateway". Which is a
phrase usually only used by people with separate gateway and Squid
devices. Meaning he very probably is doing NAT on packets outside of
the Squid box - the #1 side effect of doing things that way is the SYN
packet problem he described.
NAT creates a lie in the packet headers. The gateway box is lying to
Squid box about where the packets are destined. Squid now operates
transparently (when possible), "believes" that lie and sends the
request there, just like any bridge or switch would if the proxy were
turned off.
Thanks Amos for detailed answer.
Because I want to make my squid publicly available over the Internet (with auth
of course), I have to allow other users to create:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to my.public.ip.address:8081
on their own routers, I have no other
way than proxy chaining squid3.1->squid3.2.
Regards,
Pawel Mojski