On 15/01/2016 1:27 a.m., Antony Stone wrote: > On Thursday 14 January 2016 at 13:21:57, jean-yves boisiaud wrote: > >> My squid box is not on a firewall, but on a dedicated server in the DMZ, >> between the internal and the external firewall. > >> On the internal firewall, port 80 is redirected to the squid box port 3128, >> for transparent proxying. > > Won't work. > >> When I use a navigator with the proxy set to the squid box and port 8080, >> everything is working fine. >> >> But when I use the same navigator with direct internet connection (no >> proxy), squid returns me a HTML page with an access denied error message. >> >> What do I miss in my configuration ? > > You *must* perform the NAT on the machine Squid is running on for intercept > mode to work. > > Doing it on any other router along the way will not work. >
For reference, <http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute> is the config needed on the internal frewall to pass traffic to Squid. And <http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat> for the Squid machine itself. Amos _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
