On 2/12/2016 6:27 a.m., klops wrote: > Does this mean the squid box has to be the overall gateway for the internal > network for transparrancy to work?
That is just one option. The other two are routing or tunnel, as I mentioned in the second sentence. > > The reason the proposed setup the way it is is because AWS VPC service has > a service based NAT gateway which we have not low level control over and it > is the default gateway. We want to only route http/https traffic over to > squid and the rest via their NAT gateway NAT is a destructive process. DNAT erases the clients original destination-IP and the only way around that requires that DNAT to happen on the same machine as Squid. If you cannot do that, then you cannot use intercept or tproxy modes on this Squid. Amos _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
