
Does anyone have a working Juniper SRX with tproxy squid?


 



I have been gathering information on different routing options for squid tproxy mode for quite some time.
I have working settings for:
 - Cisco
 - Linux
 - FreeBSD
 - OpenBSD
 - Mikrotik

The topology I have tested until now is at:
http://ngtech.co.il/squidblocker/topology1.png

The Edge router diverts traffic to the squid instances using routing policy.

I have been reading about ways to make squid work with Juniper but they all use intercept mode and not tproxy.
A list of sources until now:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB23300

https://andymillett.co.uk/2013/09/14/load-balancing-transparent-redirect-junos/

http://kb.juniper.net/InfoCenter/index?page=content&id=KB21046

http://forums.juniper.net/t5/SRX-Services-Gateway/SRX650-routing-instance-not-working/m-p/54130

http://forums.juniper.net/t5/SRX-Services-Gateway/port-80-redirection-on-srx650-cluster/m-p/53010

http://serverfault.com/questions/442385/how-to-route-all-network-traffic-for-vlan-through-a-proxy-server-on-srx

https://forum.ivorde.com/squid-http-s-transparent-proxy-with-juniper-srx-part-3-t14191.html

http://kb.juniper.net/InfoCenter/index?page=content&id=KB23895
###END SOURCES

I know that on FreeBSD and Linux I must either route each packet by itself or mark the connection.
On Juniper SRX devices I do not know what to do exactly.
I have seen an option to disable the flowd which follows the TCP/UDP flows and I am not sure it is a requirement.

My current vSRX settings are at:
http://paste.ngtech.co.il/pdsltlobf

And the connection is being redirected from the client to the proxy and back from the proxy to the client. The issue is that the traffic which flows back from the internet, which is supposed to be redirected into the proxy, is flowing back to the client.

The issue as I identify it is that there is a routing decision based on some routing table.
The option I have seen mentioned here and there is to use a virtual router.

I am pretty sure there is some network admin here on the list who might have a clue about how to solve the reverse path traffic flow routing issue.

Thanks,
Eliezer

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users



