-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 24.11.15 19:31, Ahmad Alzaeem пишет: > Ok > > > 1. Have you fixed DNS so that clients are now resolving the correct addresses for destination servers? > No , the issues will not be solved and will always dns resolve the ip of websites to the ip address of squid ( http & https requestst with the wrong ds tip will hit squid) > > Again , I want to solve this issue form squid Squid can't solve this. Squid is *NOT* DNS-server. Neither DNS server, nor DNS cache. It's only HTTP/HTTPS caching proxy. > > > 2. Are you performing NAT *only* on the machine where Squid is running? > > > Yes I have redirect rules that redirect the http & https to the port that squid listen . > So I have : > http_port 3128 > http_port 10.159.144.206:11611 intercept > > iptables : > > ptables –t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.159.144.206:11611 > ptables –t nat -A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.159.144.206:11611 > > > Do you know where that IP address comes from? Is your DNS still broken, is this the IP address of the Squid server, does it mean anythign at all in your network? > > Some ips are locally and some ips are outside , so we have port forwarding well > > For now , skip the outside users and focous in the inside users > The dns is separated server differ than squid , but both on same network > > The DNS is not broken , it will resolve some websites to ip address of squid and other websites will rslve to other ip , so again I don’t want to touch the DNS and I want to work on the current state > >> So how to let squid bypass checking it ? > > It's not a matter of bypassing Squid checking it - it's a matter of making it correct so that the checks do not fail. > > Im open to let squid do it and let wrong dstp ips forwarded well on squid . > > >> Is my way above wrong ? > > I think so, but please answer the questions above so we can be more sure. > >> U say we need proxy mode ?? >> >> How should I implement proxy mode since user will not put ip:port in >> his browser > > Use DHCP options and/or WPAD. > > Assume ips are static ips on clients > > > > > Thanks again and im awaiting ur suggestions > > cheers > > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWVGdvAAoJENNXIZxhPexG/rwH/0DrUvdpp3T2o5F5r3UzbsHE QtuZ9YC7Dc/9fR0uKIoTb7/yEwnuk7bqvMDVezoytDil7l+Id+HVbH6foStjch+B aN6NFXtzcV0bMKSUiJM6rX0tXLfOun1dlbsYaBb6SQlItj4LUAeVNZA/Mlaef94j Fu/rJB2mgxz5mlIdjJQlR2cEbGGZZgKd3+TAAf2i1GXFRReyaFvzn2wfSkZzb2vU gaGrVSKhBvzW0XUe8xGLp/KVHA1jr//zoF1raEoqRrDqFTbGjjepHbAVnes/SR32 JxMyoIJ/8H8ybFnBFG3OT1ilC1spSke8tKQRO8Rjz9TWWRcp7+ApXrp+Ezqoi3s= =wz9M -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
