On 8/10/22 3:47 AM, ngtech1ltd@xxxxxxxxx wrote:
If the proxy sits in the same network that the clients sit it won’t work.
Why not?Is this because of -- what I call -- the TCP triangle problem? - Meaning that Squid sees the source as the client and replies directly?
If that's the case, you can cheat by SNATing the traffic that's going to Squid such that Squid sees the router as the source of the traffic. Thus Squid replies to the router which unDNATs it and sends it back to the original / real client.
Aside: Isn't this what WCCP was originally meant to address? Is WCCP a non-starter any more? Even with TLS bump / monkey in the middle?
-- Grant. . . . unix || die
<<attachment: smime.p7s>>
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
