I forgot to paste my pf.conf # rdr pass inet proto tcp from 10.0.0.9/32 to any port 80 -> 10.0.0.24 port 3128 # nat on bge0 inet from any to port 80 -> bge0 rdr pass inet proto tcp from 10.0.0.23 to any port 80 -> 10.0.0.24 port 3129 # pass on bge0 inet proto tcp from bge0 to bge0 port 3128
# block in pass in log quick on bge0 pass out log quick on bge0 pass out keep state On Sat, Mar 7, 2015 at 8:24 AM, Amos Jeffries <squ...@treenet.co.nz> wrote: > On 8/03/2015 1:09 a.m., Monah Baki wrote: > > Forgot to paste my test. > > > > Basically from my squid server: > > root@ISN-PHC-CACHE:/cache/squid/bin # ./squidclient -h www.cnn.com -H > > 'Host: www.cnn.com\n' -p 80 > > HTTP/1.1 302 Found > > Server: Varnish > > Retry-After: 0 > > Content-Length: 0 > > Location: http://edition.cnn.com80 > > Um, that redirect URL is invalid. This Varnish is outputting garbage. > > > However, this test result does prove that output traffic from your Squid > should be fine. The test connecting to your port 3128 should confirm > that by getting the same or very similar result for normal traffic. > > > So the problem is on the input. It could still be at the client end, or > in the NAT redirection. > > One thing I've not seen clarified in the discussion is which machine the > NAT rules have been placed (Squid box? or router?). Sorry if I missed that. > The NAT operation MUST be done on the Squid box or the local machines > NAT system tells it the client was connecting to connect to > itself/Squid:3129 (which is the forwarding loop). > > The router looks liek a Cisco device, so it must do L2 routing > redirection or WCCP to deliver packets to the Squid machine without > having altered their IP:port details in any way. > > Amos > >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users