On 22/04/2015 12:43 a.m., jaykbvt wrote: > Hi Amos, > > Thanks for reply. > > ++++++++++++++++++++++++ > local=*10.58.200.33:80 remote=10.210.83.249:*3375 FD 10 flags=33: accepted > ++++++++++++++++++++++++ > > since squid is able to understand which client is requesting and following > lines talks about request.. > > ++++++++++++++++++++++++ > parseHttpRequest: parseHttpRequest: req_hdr = {Host: www.wikipedia.org > User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:35.0) Gecko/20100101 > Firefox/35.0 > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 > Accept-Language: en-US,en;q=0.5 > Accept-Encoding: gzip, deflate > Connection: keep-alive > > } > ++++++++++++++++++++++++ > > you still feel there could be issue with Cisco erasing original dst-IP > value.?? Yes. Its receiving the HTTP properly, but the broken TCP details (10.58.200.33:80) prevent the requests being relayed on to the right server. pPS. Unless you are working for Wikimedia and the 10.58.200.33:80 actually is the backend server address. In that case we would have gone completely the wrong way to a fix. > > The thing is Cisoco ISG is not managed by us. They are saying they've > configured any incoming traffic from clients for web its redirected to > squid's IP. I'm no expert on Cisco ISG, yet I've asked them to share the > config pertaining to squid. I am awaiting their response. > > Can you help me what should I ask them or point towards to check..and what > type squid/iptables config combination should I do on my squid server given > my network scenario. As per the DNST page you used already: <http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat> Just make sure you have all 4 iptables rules listed on the page. Rather than just the 1 you mentioned having. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users