Re: [squid-users] Tunnelled devices losing access to squid

2015-02-06 Thread Yuri Voinov

I have one ;)

http://i.imgur.com/VaPu6pq.png


06.02.2015 21:15, Amos Jeffries wrote:
> On 7/02/2015 3:37 a.m., Raymond Norton wrote:
>> I have the following scenario:
>>
>>
>>
>>  We have a number of Verizon APs configured to run associated devices
>> through a GRE
>> tunnel between Verizon and our network, using a 10.99.0.0/16 subnet which
>> is NATed to a public address. Policy based routing sends all
>> port 80 and 443 traffic originating from 10.99.0.0/16 to qlproxy IP
>> (10.10.1.85) (squid proxy). IPtables on qlproxy box port-forwards all 80
>> and 443 traffic to 3126 & 3127. Qlproxy (4.0) has appropriate
>> transparent and ssl_bump rules to process incoming traffic.
>>
>>
>>
>>
>> Squid logs show the request for web pages is made via the policy based
>> routing (Mikrotik Firewall/Router), but nothing is returned to the
>> requesting device. It just simply times out after a long wait.
>>
>
> Considered Path-MTU discovery?
>
> Make sure that ICMP (and ICMPv6) are enabled and working on all networks
> the traffic traverses between Squid and the devices.
>
> Amos
>
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users



Re: [squid-users] Tunnelled devices losing access to squid

2015-02-06 Thread Amos Jeffries
On 7/02/2015 3:37 a.m., Raymond Norton wrote:
> I have the following scenario:
> 
> 
> 
>  We have a number of Verizon APs configured to run associated devices
> through a GRE
> tunnel between Verizon and our network, using a 10.99.0.0/16 subnet which
> is NATed to a public address. Policy based routing sends all
> port 80 and 443 traffic originating from 10.99.0.0/16 to qlproxy IP
> (10.10.1.85) (squid proxy). IPtables on qlproxy box port-forwards all 80
> and 443 traffic to 3126 & 3127. Qlproxy (4.0) has appropriate
> transparent and ssl_bump rules to process incoming traffic.
> 
> 
> 
> 
> Squid logs show the request for web pages is made via the policy based
> routing (Mikrotik Firewall/Router), but nothing is returned to the
> requesting device. It just simply times out after a long wait.
> 

Considered Path-MTU discovery?

Make sure that ICMP (and ICMPv6) are enabled and working on all networks
the traffic traverses between Squid and the devices.

Amos
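
One way to test the Path-MTU suggestion above, as an added example that is not part of the original thread: a binary search for the largest IPv4 packet that reaches a tunnelled client with the Don't-Fragment bit set. It assumes Linux iputils `ping` on the proxy box and a client that answers ICMP echo; `10.99.0.10` is a constructed address inside the 10.99.0.0/16 subnet from the question.

```shell
#!/bin/sh
# Added example (not from the thread): measure the usable path MTU from the
# proxy toward a tunnelled client by probing with DF-flagged ICMP echoes.

# probe SIZE HOST: succeed if an echo with SIZE payload bytes and the DF bit
# set gets a reply. "-M do" is the iputils option that forbids fragmentation.
# Redefine probe() to exercise the search without a network.
probe() {
    ping -M do -c 1 -W 1 -s "$1" "$2" >/dev/null 2>&1
}

# path_mtu HOST [LOW] [HIGH]: print the largest packet size that got through
# (payload + 20 bytes IPv4 header + 8 bytes ICMP header).
# Returns 1 if even the LOW payload gets no reply (host down or ICMP blocked).
path_mtu() {
    host=$1
    lo=${2:-548}     # payload of a 576-byte packet
    hi=${3:-1472}    # payload of a 1500-byte packet
    probe "$lo" "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid" "$host"; then
            lo=$mid            # this size fits, try larger
        else
            hi=$(( mid - 1 ))  # too large for some hop, try smaller
        fi
    done
    echo $(( lo + 28 ))
}

# Usage on the proxy (constructed client address):
#   path_mtu 10.99.0.10
```

A result below 1500 means full-size replies from Squid only reach the device if ICMP "fragmentation needed" messages make it back to the proxy; a plain GRE-over-IPv4 hop, for instance, adds 24 bytes and gives 1476. A return status of 1 means no echo got through at all, which is itself a sign that ICMP is being filtered somewhere on the path.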
