On 8/04/2015 9:20 p.m., Jaydeep Kubavat wrote:
> Hi,
>
> I've configured a transparent squid proxy on a centos 6.6 with single NIC.
>
> There is Cisco ISG in between with L4 redirection on www traffic.
>
> The requests are coming on port 80 from client and ISG forwards that to
> port 80 on my squid server.

No, no it does not.

If you configured the remote router correctly:

It passes the packet to your Squid box for handling. The packet still
says port 80 *on some other server*.

Once the TCP SYN packet reaches the Squid box ...

>
> So there is no iptables configured on squid server.
>

... nothing happens to it. "Dropped on the floor.", etc.

If you configured the router badly:

... many varied things (all nasty) could happen.

Please have a read through:
<http://wiki.squid-cache.org/SquidFaq/InterceptionProxy>

in particular the sections:
* "Concepts of Interception Caching"
* "Requirements and methods for Interception Caching"
* "Getting your traffic to the right port on your Squid Cache"

<snip>
>
> my squid is configured default, only
>
> http_port 3130

Port 3130 is generally used for ICP (which is a UDP-based protocol)

> http_port 80 intercept

This has no use other than to potentially prevent your Squid being able
to open the listening port (unless the worker has root privileges - not
good).

Any port will do and a randomly selected port number higher than 1024 is
better. Only Squid and the machine's TCP stack systems will have anything
to do with it - not the packets nor any external system.

Amos

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
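
A check for the three problems raised in the reply above, written as an added example; it is not part of the original thread and not Squid's own tooling. It assumes the local redirection is done with an iptables nat-table `REDIRECT` rule (the reply only points to the wiki for this), reads rules in `iptables-save` format, and uses 3129 as a hypothetical intercept port.

```python
import re

ICP_PORT = 3130  # per the reply: generally used for ICP (UDP)

def http_ports(squid_conf):
    """Yield (port, is_intercept) for every http_port directive."""
    for line in squid_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "http_port":
            port = int(fields[1].rsplit(":", 1)[-1])  # "3129" or "ip:3129"
            yield port, "intercept" in fields[2:]

def redirect_targets(iptables_save):
    """Local ports that PREROUTING REDIRECT rules map TCP port 80 onto."""
    targets = set()
    for line in iptables_save.splitlines():
        if line.startswith("-A PREROUTING") and re.search(r"--dport 80\b", line):
            m = re.search(r"-j REDIRECT --to-ports? (\d+)", line)
            if m:
                targets.add(int(m.group(1)))
    return targets

def audit(squid_conf, iptables_save):
    """Return a list of (port, problem) findings."""
    targets = redirect_targets(iptables_save)
    findings = []
    for port, intercept in http_ports(squid_conf):
        if port == ICP_PORT:
            findings.append((port, "http_port on the usual ICP port"))
        if intercept and port < 1024:
            findings.append((port, "intercept port below 1024 needs root to bind"))
        if intercept and port not in targets:
            findings.append((port, "no local REDIRECT rule delivers port 80 here"))
    return findings

# Constructed inputs: the directives quoted in the thread with no iptables
# rules, and a corrected pair using the hypothetical port 3129.
POSTED_CONF = "http_port 3130\nhttp_port 80 intercept\n"
FIXED_CONF = "http_port 3128\nhttp_port 3129 intercept\n"
FIXED_RULES = ("*nat\n-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 "
               "-j REDIRECT --to-ports 3129\nCOMMIT\n")

if __name__ == "__main__":
    for conf, rules in ((POSTED_CONF, ""), (FIXED_CONF, FIXED_RULES)):
        print(audit(conf, rules) or "no findings")
```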