On 18/10/11 22:57, zozo zozo wrote:
> So does it mean Squid works only with NAT-ted packets? Should it not accept
> direct connection to the port?

No, and no. You configured this port as receiving NAT traffic, that is what Squid is expecting there. Any other traffic to this particular port is an error.

> Or does it check iptables for forwarding entries?

Yes. The intercept flag causes that. If NAT fails, the requests are rejected.

I'm not sure why it's doing a TCP reset in your case. You should be seeing a 409 error message instead.

> Does it mean that now intercepting squid can only work on the gateway machine?

No. It means that routers like yours need to be configured for policy routing (aka "packet forwarding") instead of NAT port mapping (aka "port forwarding").

This config was written particularly for the *WRT use case (but applies to any Linux router):
 http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute

> Makes little sense to me - I'm using HTTP port forwarding from DD-WRT router to
> the server, obviously I can't have squid on router.
>
> On Ubuntu I have Squid v3.1.11, is it a new feature in 3.2?

Yes.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.16
  Beta testers wanted for 3.2.0.13
