Hello all,
I'm trying my hands with openvswitch and squid. This is what I want to achieve.
The client tries to connect to the server. This packet is handled through an openvswitch and it's sent to a machine running squid for proxying. The machine running squid sees the packet with client to server but iptables rules help in delivering this packet up the stack. On a cache hit, squid responds back to the client and also installs iptables rules on the fly and hence the source IP is that of the server.
This is achieved through the following configuration in squid.conf.
http_port 3128 intercept
With this configuration however, on a cache miss case, squid uses it's IP address as the source IP to connect to the server. What I expect is squid to use the client's IP address to establish this new connection to the server. From the squid.conf, I believe I need to use the tproxy mode with the http_port directive, but I'm stumped about what iptables rules to configure.
I'm trying to follow the steps here (http://wiki.squid-cache.org/Features/Tproxy4#Feature:_TPROXY_version_4.1.2B-_Support) but no luck yet. And I don't understand why I'd need to use WCCP for something like this.
I expect squid to use the client's IP address and the reverse traffic from the server will make it's way to squid's box through openvswitch. All squid has to do is install an iptable rule on the fly for the outgoing connection to use the client's IP address and also have a corresponding reverse rule to translate from the client's IP address to squid's IP address.
The kernel that I'm using is 3.16 and it has the nf_conntrack and xt_TPROXY modules insmoded. Can someone help me with this?
Thanks,
Srinath
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
