hmm..
I'm trying to follow this on a test client (haven't gotten it working yet):
http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute
(where squid is amongst the internal clients - actually on it's own vlan
- but it's not the default route)
but this won't work:
ip route add default via 10.47.18.181 dev eth0 table 201
RTNETLINK answers: No such process
which seems to be because this way of routing will only work if the
squid box is on the same network as the clients.. :(
I would like to have the squid box on it's own vlan.. (and ip-segment)..
do I need to setup some tunneling, or perhaps tproxy can be used..
I was hoping I could simply direct packages to squid (doing NAT on
clients) - and squid would get hostname and other details from data.. as
accel mode does :(
Antony Stone wrote on 03/10/2015 03:18 PM:
On Tuesday 10 March 2015 at 15:09:14 (EU time), Klavs Klavsen wrote:
so intercept mode is only used, if you actually do the nat'ing on the
same server as squid is running..
You can do the NATting somewhere else; the important point is that the traffic
must be NATted, not direct.
ie. I should use accel mode instead in my use case?
NO. Accelerator mode is entirely different (from both intercept mode and
normal Squid usage). Accelerator mode is for placing squid in front of a
specific web server (or a bunch of them, but not the entire Internet). It is
not for enabling clients to connect to the Internet in general.
Regards,
Antony.
--
Regards,
Klavs Klavsen, GSEC - kl@xxxxxxx - http://www.vsen.dk - Tlf. 61281200
"Those who do not understand Unix are condemned to reinvent it, poorly."
--Henry Spencer
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
