On 13/03/2015 12:27 a.m., Klavs Klavsen wrote:
> Klavs Klavsen wrote on 03/12/2015 12:15 PM:
>>
>> the routing example didn't seem to work :(
>>
> As I understand it.. I can't use DNAT on client machine to get packages
> to squid box.. and since it's locally generated packages (ie. I want to
> capture on the clients - instead of capturing on their default gateway),
> the packages only traverse POSTROUTING and OUTPUT..
>
> any hints appreciated :)
>

You can either set the clients' default gateway to be the Squid machine, which just forwards non-HTTP packets on to the actual gateway router, which is set as the Squid machine's default gateway.

Or, add policy routing into the gateway router diverting just the port 80 traffic from the real clients (but excluding the Squid machine) to the Squid machine as its upstream router.

In both those cases both the normal gateway and the Squid machine are configured as routers, with the Squid machine using the real gateway as its default gateway.

Or, you can run Squid on the main gateway router - provided it has enough memory for what you want it doing.

You can also physically plug the Squid machine into the network path as a router before the main gateway router. This is the same as the first option but hard-wired as well as configured.

Capture won't work on client devices because Squid can't make system calls directly into their remote machine's kernel / NAT driver. You end up with wrong IPs known to Squid and those loops.

So, pick one of the two above options and let's see why the routing is "not working".

Amos
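The policy-routing option described in the reply above, sketched as an added example that is not part of the original message or the Squid project's own code. The addresses, interface name, mark, routing table number and intercept port are constructed assumptions; the script prints the commands unless run as root with APPLY=1.

```shell
#!/bin/sh
# Added example. All values below are constructed assumptions.
PROXY_IP=192.0.2.10   # Squid machine (TEST-NET-1 placeholder address)
CLIENT_IF=eth1        # gateway interface facing the clients
FWMARK=2              # arbitrary packet mark
RT_TABLE=100          # arbitrary routing table number
SQUID_PORT=3129       # assumes squid.conf has: http_port 3129 intercept

# Print each command by default; APPLY=1 (as root) executes it instead.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Run on the real gateway router.
gateway_rules() {
    # Squid's own outbound fetches are accepted first and never marked;
    # without this exclusion they are routed back to Squid and loop.
    run iptables -t mangle -A PREROUTING -p tcp --dport 80 -s "$PROXY_IP" -j ACCEPT
    # Mark port 80 traffic arriving from the clients.
    run iptables -t mangle -A PREROUTING -i "$CLIENT_IF" -p tcp --dport 80 -j MARK --set-mark "$FWMARK"
    # Marked packets use a table whose default route is the Squid machine.
    run ip rule add fwmark "$FWMARK" table "$RT_TABLE"
    run ip route add default via "$PROXY_IP" table "$RT_TABLE"
}

# Run on the Squid machine, whose default gateway is the real gateway.
proxy_rules() {
    # Forward non-intercepted traffic like any other router.
    run sysctl -w net.ipv4.ip_forward=1
    # Drop connections aimed directly at the intercept port. The mangle
    # table is traversed before nat, so redirected traffic still passes.
    run iptables -t mangle -A PREROUTING -p tcp --dport "$SQUID_PORT" -j DROP
    # NAT happens here, on the same kernel Squid runs on, so Squid can
    # look up the original destination of each intercepted connection.
    run iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port "$SQUID_PORT"
}

case "${1:-}" in
    gateway) gateway_rules ;;
    proxy)   proxy_rules ;;
esac
```

Invoke it with `gateway` on the router and `proxy` on the Squid machine; with no argument it only defines the functions.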