On Tuesday 24 November 2015 at 13:34:51, Ahmad Alzaeem wrote: > Well , what I have done is : > > I configured squid http_port xx and http_port xxy intercept > > And uses iptables to redirect http & https to squid ports 1. Have you fixed DNS so that clients are now resolving the correct addresses for destination servers? 2. Are you performing NAT *only* on the machine where Squid is running? > But it don’t work and I have logs : > > 1448121527.423 10.1.1.1 TCP_MISS/503 4183 GET http://cnn.com/ - > ORIGINAL_DST/10.159.144.206 text/html 1448121554.217 10.1.1.1 > TCP_MISS/503 4771 GET http://cnn.com/ - ORIGINAL_DST/10.159.144.206 > text/html 1448121555.574 10.1.1.1 TCP_MISS/503 4685 GET > http://cnn.com/favicon.ico - ORIGINAL_DST/10.159.144.206 text/html > > As u see the ds tip is wrong and its spoofed with 10.159.144.206 Do you know where that IP address comes from? Is your DNS still broken, is this the IP address of the Squid server, does it mean anythign at all in your network? > So how to let squid bypass checking it ? It's not a matter of bypassing Squid checking it - it's a matter of making it correct so that the checks do not fail. > Is my way above wrong ? I think so, but please answer the questions above so we can be more sure. > U say we need proxy mode ?? > > How should I implement proxy mode since user will not put ip:port in his > browser Use DHCP options and/or WPAD. > Thanks a lot for helping Please do not reply to (or CC) me - please just reply to the list. Regards, Antony. -- "Black holes are where God divided by zero." - Steven Wright Please reply to the list; please *don't* CC me. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users