So does that mean I can run the DNAT on the firewall/router/load balancer device and remove the intercept line from my configs, and expect things to work? On Nov 18, 2015 10:43 PM, "Amos Jeffries" <squ...@treenet.co.nz> wrote:
> On 19/11/2015 3:08 p.m., Brendan Kearney wrote: > > I am trying to set up a transparent, intercepting squid instance, along > > side my existing explicit instance, and would like some input around > > what i have buggered up so far. > > > > i am running HAProxy in front of two squid instances, with the XFF > > header added by HAProxy. My squid configs are all set to follow the XFF > > for the real source and logging is setup around digesting XFF for the > > source. > > > > i took my config and added: > > http_port 192.168.88.1:3129 intercept > > This tells Squid you are intercepting the traffic between HAProxy and > Squid. > > You describe HAProxy as explicitly sending traffic to the Squid, so > there is no need for interception into Squid. > > > > > this tells me that i am getting to the squid instances via the load > > balancer, but i am running into the "NAT must occur on the squid box" > > rule, i think. > > Yes. That rule and the intercept option that cause it does not apply > when the software sending traffic to Squid is explicitly configured. > Such as you describe HAProxy being. > > Amos > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
