Hello all,
I had a working transparent/intercept proxy setup with Squid 3.1 and basically the
following iptables rule on the first router:
iptables -t nat -A PREROUTING -s ${CLNT_IP} -p tcp --dport 80 -j DNAT
--to-destination ${PROXY}:${PORT}
The Squid configuration was more or less 'http_port 3128 transparent'.
Now I have to move to squid 3.2 and the above doesn't work anymore (with 'http_port
3128 intercept' instead).
After looking at
http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute my
understanding is that I have to make sure the HTTP traffic that shall be proxied
transparently has to be routed without any changes (src ip, dst ip, ...) to Squid.
However, I only control the first router (R1) between the client (C) and S (Squid):
C --> R1 --> R2 --> ... --> S
\-> Internet
So, whatever the routing decision on R1 may be, R2 is likely to ignore it.
Is there any way to get the 3.1 behavior back? (Short of downgrading to squid 3.1?)
Or is there any other way for HTTP traffic from C to be proxied transparently by
Squid? Right now I can only think of setting up a tunnel (I do have control over S)
but hopefully there's an easier way.
TIA -- Till
--
Dipl.-Inform. Till Dörges doerges@xxxxxxxxxxxx
Tel. +49 - 40 - 244 2407 - 14
Fax +49 - 40 - 244 2407 - 24
PRESENSE Technologies GmbH Sachsenstr. 5, D-20097 HH
Geschäftsführer/Managing Directors AG Hamburg, HRB 107844
Till Dörges, Jürgen Sander USt-IdNr.: DE263765024
