I am currently using Squid 3.1 that comes packages in RHEL 6. I have this line in my config:
http_port 80 intercept
I have a split horizon dns. This means if you lookup any address for my domain from the internet you get the address of the squid proxy server. However if you lookup the same name from my proxy server you get an internal RFC1918 IP address for the specific name.
Using squid 3.1 this works great. A user tries to connect to a URL and by DNS resolution is sent to the proxy server, the proxy server then does a DNS lookup of the name in the URL and gets the actual address and sends the request to the correct place.
When I try and upgrade to anything beyond 3.2 this breaks. I am finding references that intercept as of Squid 3.2 NAT is required. Reference from an email post in 2013:
In Squid since 3.2 ifthe original TCP details are not found in the NAT records somerestrictions are placed on what happens with the request and response.
My question is, is there anyway back to the old behavior? What are the restrictions mentioned?
You may ask why I am not using the accel mode as this is quite obviously a reverse proxy. The reason is I could not get accel to work with the RTSP server we are using. I suspect because the Content-length returned by the RTSP server is invalid as it is unknown since it is streaming video and the length of the content is not known until a user stops the playback.
When I configure the proxy using accel I can get normal text pages back as expected but the video fails with TCP_MISS_ABORTED this happens on all version of squid.
The reason I am trying to upgrade Squid is to be able to do all of this using HTTPS.
Jeff Scarborough
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users