So does that mean I can run the DNAT on the firewall/router/load balancer device and remove the intercept line from my configs, and expect things to work?
On Nov 18, 2015 10:43 PM, "Amos Jeffries" <squid3@xxxxxxxxxxxxx> wrote:
On 19/11/2015 3:08 p.m., Brendan Kearney wrote:
> I am trying to set up a transparent, intercepting squid instance,
> alongside my existing explicit instance, and would like some input around
> what I have buggered up so far.
>
> I am running HAProxy in front of two squid instances, with the XFF
> header added by HAProxy. My squid configs are all set to follow the XFF
> for the real source and logging is set up around digesting XFF for the
> source.
>
> I took my config and added:
> http_port 192.168.88.1:3129 intercept
This tells Squid you are intercepting the traffic between HAProxy and Squid.
You describe HAProxy as explicitly sending traffic to the Squid, so
there is no need for interception into Squid.
>
> This tells me that I am getting to the squid instances via the load
> balancer, but I am running into the "NAT must occur on the squid box"
> rule, I think.
Yes. That rule and the intercept option that causes it do not apply
when the software sending traffic to Squid is explicitly configured,
such as you describe HAProxy being.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users