On 11/11/17 14:03, Amos Jeffries wrote:
On 11/11/17 01:05, A. Benz wrote:
Hi Amos,
Thanks for your continued support.
1.
Do you mean the VPN exit point has that 10/8 IP address? or that the
traffic from the client is altered to be going to that IP before it
reaches Squid?
The latter is broken because it destroys the original dst-IP values
on the TCP connection, which Squid needs to set up the server connection.
Let me put it as an example:
From the normal internet: mail.amosprivateserver.org > publicly
accessible IP.
From my place: mail.amosprivateserver.org > 10.x.x.x (corporate
network, accessible only from within the place).
Anyways no worries about this! I decided to make an exception in the
redirect rule, so that if the outgoing traffic matches the IP 10.x.x.x
then the firewall will not redirect the traffic to squid and instead
establish a connection directly.
This is not ideal, but it works.
Or have Squid relay everything through the same server(s) and
the server do the distinguishing between traffic and just relay
everything to the same
Damn that sounds daft.
What I meant to write was:
Or have Squid relay everything through the same server(s) and
the server do the distinguishing between traffic.
Or set up a cache_peer and have the traffic with src IP of the internal
clients going to that domain sent there.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users