-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have one ;) http://i.imgur.com/VaPu6pq.png 06.02.2015 21:15, Amos Jeffries пишет: > On 7/02/2015 3:37 a.m., Raymond Norton wrote: >> I have the following scenario: >> >> >> >> We have a number of Verizon Aps configured to run associated devices >> through a GRE >> tunnel between Verizon and our network, using a 10.99.0.0/16 subnet which >> is NATed to a public address. Policy based routing sends all >> port 80 and 443 traffic originating from 10.99.0.0/16 to qlproxy IP >> (10.10.1.85) (squid proxy). IPtables on qlproxy box port-forwards all 80 >> and 443 traffic to 3126 & 3127. Qlproxy (4.0) has appropriate >> transparent and ssl_bump rules to process incoming traffic. >> >> >> >> >> Squid logs show the request for web pages is made via the policy based >> routing (Mikrotik Firewall/Router), but nothing is returned to the >> requesting device. It just simply times out after a long wait. >> > > Considered Path-MTU discovery? > > Make sure that ICMP (and ICMPv6) are enabled and working on all networks > the traffic traverses between Squid and the devices. > > Amos > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJU1PyJAAoJENNXIZxhPexGJ0kH/07GQNdoSqXlhH9iduf7TJBC KVWHy1GpHrYmL8CPpvWy64Am5ccczmFgSVxnyLTzC6x/o8b5pSHswYm6XvBsJQYM gOeAau3i1RHjQQcU8nWwA5K8mFumJvcjvyPt+ImY4Kx+x32nNfRVpgjq2SHzb3gJ LVNIygHzYb1C3VoRNCCoAU17eFKoJcSRhcIa9TyVjo6Yaxs8Xmg4Zg8zIO+4qwKJ 2dmEFMKDJ6so55OxnaEjoU/1MLjJditNXGkQbjLYaXc5o4ASCC5a6k+xvP8ApYhq VQFRKv92TAHaoF6ciyj/VVx+vD8U7IS6OmPeeaAa1Ij/tGcawVerGT/ZrPVoYj8= =r6b4 -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
