On 2017-01-03 23:13, Hoggins! wrote:
Okay, I get that.
On 03/01/2017 at 10:33, Antony Stone wrote:
No - you must do the NAT (or REDIRECT) rule *on the Squid server*.
Well, my Squid server is not on the same network as my clients, so I
need something else than just a REDIRECT on the Squid itself.
That does not matter when the DNAT or REDIRECT is done on the Squid
machine.
If you need to use policy routing to get the packets to the Squid
machine in the first place, that's okay, but this *must* be packet
routing, not address translation.
Policy routing was my first choice, but there is one important detail
in my setup: between my gateway (192.168.22.10) and my Squid
(192.168.55.3), there's an IPSec tunnel. My gateway does not have a
link-local route to 192.168.55.3 so I can't add the default route to it
inside a routing table (I get "Network is unreachable", which is
expected).
So I guess I'm stuck.
So how did the packets get to the Squid machine after your DNAT?
The route does not have to be link-local. Any type of route will do so
long as all the routers handling the packets know which way to pass
them, and the dst-IP address is not changed.
Amos