hmm..
I've read the config examples..
I would very much like to understand how/why it works, if I've setup a
client to route package to squid (instead of trying to send directly)..
I'm trying to follow this on a test client (haven't gotten it working yet):
http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute
(where squid is amongst the internal clients - actually on it's own vlan
- but it's not the default route)
meanwhile I tried pointing to the haproxy - which then forwards requests
in tcp mode, to squid server port 3129.
If I just send to haproxy directly, I get the loop and this in the
accesslog:
1425998994.271 0 10.43.18.165 TCP_MISS_ABORTED/000 0 GET
http://www.bt.dk/ - ORIGINAL_DST/10.43.18.165 -
when doing:
curl -H "Host: www.bt.dk" http://proxy-haproxy-ip/
10.43.18.165 is the ip of squid server behind haproxy.
Antony Stone wrote on 03/10/2015 03:18 PM:
On Tuesday 10 March 2015 at 15:09:14 (EU time), Klavs Klavsen wrote:
so intercept mode is only used, if you actually do the nat'ing on the
same server as squid is running..
You can do the NATting somewhere else; the important point is that the traffic
must be NATted, not direct.
ie. I should use accel mode instead in my use case?
NO. Accelerator mode is entirely different (from both intercept mode and
normal Squid usage). Accelerator mode is for placing squid in front of a
specific web server (or a bunch of them, but not the entire Internet). It is
not for enabling clients to connect to the Internet in general.
Regards,
Antony.
--
Regards,
Klavs Klavsen, GSEC - kl@xxxxxxx - http://www.vsen.dk - Tlf. 61281200
"Those who do not understand Unix are condemned to reinvent it, poorly."
--Henry Spencer
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users