Amos Jeffries wrote on 03/12/2015 02:27 PM:
> On 13/03/2015 1:52 a.m., Klavs Klavsen wrote:
>> I'd rather not have to route everything (incl. normal ingoing web
>> traffic) through the squid box.. and the firewalls are proprietary stuff
>> - so can't install squid there :)
>
> You don't, port 80 TCP is all that *needs* it, and only for the traffic
> from clients you want to go through Squid.

so you're saying that I should set default gateway to point to squid -
and then set up routes to the firewall for traffic I don't want to go
through squid (internal stuff.. dns, rpm mirror etc.)
meaning that all traffic (not just port 80) to public internet addresses
will go through squid. Since I have haproxy in front of the webservers -
they'll respond to haproxy directly, and traffic to websites on the
webservers won't go through squid.

> If you are passing outgoing web traffic through Squid the responses
> (incoming) have to come back through it.

can't I just masquerade/dnat outgoing traffic from squid server - so
firewall will route response to it?

> If you have external stuff making requests to internal servers, that can
> be left alone in the same way Squid's outgoing traffic is.
>
> Are we talking more or less than 100Mbps of port 80 traffic here?

far far less :)
it's just a few api calls to facebook etc.

--
Regards,
Klavs Klavsen, GSEC - kl@xxxxxxx - http://www.vsen.dk - Tlf. 61281200
"Those who do not understand Unix are condemned to reinvent it, poorly."
--Henry Spencer