On 15/01/2016 1:27 a.m., Antony Stone wrote:
> On Thursday 14 January 2016 at 13:21:57, jean-yves boisiaud wrote:
> 
>> My squid box is not on a firewall, but on a dedicated server in the DMZ,
>> between the internal and the external firewall.
> 
>> On the internal firewall, port 80 is redirected to the squid box port 3128,
>> for transparent proxying.
> 
> Won't work.
> 
>> When I use a navigator with the proxy set to the squid box and port 8080,
>> everything is working fine.
>>
>> But when I use the same navigator with direct internet connection (no
>> proxy), squid returns me a HTML page with an access denied error message.
>>
>> What do I miss in my configuration ?
> 
> You *must* perform the NAT on the machine Squid is running on for intercept 
> mode to work.
> 
> Doing it on any other router along the way will not work.
> 

For reference,
<http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute>
is the config needed on the internal frewall to pass traffic to Squid.
And <http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat> for
the Squid machine itself.

Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Reply via email to