On 2/12/2016 6:27 a.m., klops wrote:
> Does this mean the squid box has to be the overall gateway for the internal
> network for transparency to work?
That is just one option. The other two are routing or tunnel, as I
mentioned in the second sentence.
> The reason the proposed setup is the way it is is because AWS VPC service has
> a service-based NAT gateway which we have no low-level control over and it
> is the default gateway. We want to only route http/https traffic over to
> squid and the rest via their NAT gateway
NAT is a destructive process. DNAT erases the client's original
destination-IP and the only way around that requires that DNAT to happen
on the same machine as Squid.
If you cannot do that, then you cannot use intercept or tproxy modes on
squid-users mailing list