Re: Mikrotik and Squid Transparent

Hi

Sorry missing something here.

I thought this was a Mikrotik rtr, presumably acting as a default
gateway for the local LAN to the internet.
It has a DNAT rule to capture all internet traffic that is port 80
(and presumably at some point in time port 443) and it DNATs it to the
SQUID box.

And there needs to be a special rule on the DGW to allow squid access
out to the internet without resending it back to the squid and
creating a loop.

From memory that's how I used to do this, unless the DGW is large
enough to run squid, then DNAT to the local box and onto squid.

Why would there be a DoS for SQUID on another box? The only resources
I can think of are the NAT table, maybe conntrack.

Alex



On 26 June 2015 at 22:49, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> On 27/06/2015 12:14 a.m., Alex Samad wrote:
>> aren't squid and nat box different ? that was my presumption..
>>
>
> Best not to.
>
> The dst-IP:port on the TCP packets entering the Squid machine is where
> Squid will send the outgoing server requests. If that dst-IP is the IP
> of the Squid machine itself you get into big DoS-level trouble really fast.
>
> Amos
>
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
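
Added example, not part of the original thread or of Squid's code: a toy hop-by-hop model of the two loops discussed above, the router sending Squid's own port-80 traffic back to Squid, and Squid connecting to its own address because DNAT on the router replaced the original destination. The addresses, the intercept port 3129 and the "policy" mode (the router forwards the packet with its destination unchanged) are assumptions introduced for contrast.

```python
# Added illustration (not from the thread): toy model of the two loops discussed.
SQUID_IP = "192.0.2.10"   # constructed address (documentation range)
SQUID_PORT = 3129         # assumed intercept port
MAX_HOPS = 8              # give up and call it a loop after this many hops


def router(packet, mode, exempt_squid):
    """Default gateway: decide where an outbound (src, dst_ip, dst_port) goes."""
    src, dst_ip, dst_port = packet
    if dst_port != 80 or (exempt_squid and src == SQUID_IP):
        return "internet", packet                    # not intercepted
    if mode == "dnat":
        # DNAT on the router rewrites the destination; the NAT table holding
        # the original dst lives on the router, out of Squid's reach.
        return "squid", (src, SQUID_IP, SQUID_PORT)
    return "squid", packet                           # "policy": dst untouched


def squid(packet):
    """Squid sends the outgoing request to the dst-IP:port it sees."""
    _, dst_ip, dst_port = packet
    out = (SQUID_IP, dst_ip, dst_port)
    # A connection to Squid's own address never leaves the box.
    return ("squid" if dst_ip == SQUID_IP else "router"), out


def trace(client, dst_ip, mode, exempt_squid=True):
    """Return 'origin' if the request reaches dst_ip, 'loop' otherwise."""
    at, packet = "router", (client, dst_ip, 80)
    for _ in range(MAX_HOPS):
        if at == "internet":
            return "origin"
        if at == "router":
            at, packet = router(packet, mode, exempt_squid)
        else:
            at, packet = squid(packet)
    return "origin" if at == "internet" else "loop"


if __name__ == "__main__":
    for mode, exempt in (("policy", True), ("dnat", True), ("policy", False)):
        print(mode, "exempt" if exempt else "no-exempt",
              trace("10.0.0.5", "203.0.113.7", mode, exempt))
```

The exemption rule alone does not help in the "dnat" case, because the loop there never passes through the router again.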



