Re: [squid-users] Transparent proxy

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 06 Apr 2011 12:06:11 +1200

 On Wed, 06 Apr 2011 08:40:32 +1200, Mike Bordignon (GMI) wrote:
> Hello
>
> I'm using squid 3.1.6 on Debian Squeeze. I run two instances of squid
> - on port 3128 and 3129. The instance on port 3128 services my LAN
> clients, authenticating via Kerberos/negotiate. The other instance
> acts as a transparent proxy (via a DNAT rule on a router).
>
> I have two questions.
>
> a) Is this the best way of achieving a transparent proxy, to run
> another instance of squid, or can I successfully combine both
> instances into one?

 You can combine them both in any squid-2.6 or later.
 Just place the http_port lines from each into one config file.

> b) Should I have the two instances/caches peer with each other using
> cache_peer ?

 You may want it for failover or load leveling etc.

 It is not necessary for handling the different types of traffic.

> c) Can squid proxy SSL requests transparently ?
>

 Yes. But only for one definition of "transparent": the HTTP RFC
 definition.
 /pedant

 It will not handle NAT intercepted SSL.

 Amos
Received on Wed Apr 06 2011 - 00:06:20 MDT

This archive was generated by hypermail 2.2.0 : Wed Apr 06 2011 - 12:00:03 MDT