Hi Amos,

Just wanted to follow up on this saying thanks for taking the time to reply.


A. Benz

On 11/11/17 09:54, Amos Jeffries wrote:
On 11/11/17 14:03, Amos Jeffries wrote:
On 11/11/17 01:05, A. Benz wrote:
Hi Amos,

Thanks for your continued support.


Do you mean the VPN exit point has that 10/8 IP address? Or that the traffic from the client is altered to be going to that IP before it reaches Squid?

The latter is broken because it destroys the original dst-IP values on the TCP connection, which Squid needs to set up the server connection.

Let me put it as an example:

 From the normal internet: mail.amosprivateserver.org > publicly accessible IP.

 From my place: mail.amosprivateserver.org > 10.x.x.x (corporate network, accessible only from within the place).

Anyways no worries about this! I decided to make an exception in the redirect rule, so that if the outgoing traffic matches the IP 10.x.x.x then the firewall will not redirect the traffic to squid and instead establish a connection directly.

This is not ideal, but it works.

Or have Squid relay everything through the same server(s) and
the server do the distinguishing between traffic and just relay everything to the same

Damn that sounds daft.

What I meant to write was:

Or have Squid relay everything through the same server(s) and
the server do the distinguishing between traffic.

Or set up a cache_peer and have the traffic with src IP of the internal clients going to that domain sent there.

squid-users mailing list
