[squid-users] Running squid out of the router/gateway

From: Sebastian muniz <basurerosebita_at_gmail.com>
Date: Thu, 19 Jan 2012 14:37:10 -0300

Hello *
I work at a small ISP. We give non-routable 172.16/12 IPs to most
of our customers, and some of them buy public IPs from us.
We have a Squid box in the public segment of our network.
Until now we were NATing outgoing tcp/80 connections at the MikroTiks to
the Squid public IP (200.45.94.2).
This worked quite well, but lately we have an issue with forwarding
loops such as:
In cache.log:
2011/11/20 15:15:09| WARNING: Forwarding loop detected for:
POST /versioncheck.asp HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Pragma: no-cache
Content-Length: 75
Via: 1.0 powerweb.iaconecta.com (squid/3.1.12)
X-Forwarded-For: 200.45.94.7
Host: 200.45.94.2:31280
Cache-Control: max-age=259200
Connection: keep-alive

And in access.log:
1324811063.537 4 200.45.94.2 TCP_MISS/400 69381 POST
http://200.45.94.2:31280/versioncheck.asp - DIRECT/200.45.94.2
text/html
1324811063.538 6 200.45.94.2 TCP_MISS/400 69467 POST
http://200.45.94.2:31280/versioncheck.asp - DIRECT/200.45.94.2
text/html
[....]

Reading the Squid site, it looks like NATing outgoing connections to a
Squid running on another box is not a good idea.
Questions:
What is the suggested way to implement this scenario?
How can I get rid of the loop?

Thanks in advance.
Received on Thu Jan 19 2012 - 17:37:16 MST
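
A log check for the symptom shown in the message above, as an added example that is not part of the original post: it flags access.log entries where Squid's fetch destination is its own address, and tests a Via header for the proxy's own name. The proxy address and hostname are taken from the post's logs; the third log line and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Entries from the post's access.log (wrapped lines rejoined), plus one
# constructed line for an ordinary customer request, for contrast.
ACCESS_LOG = """\
1324811063.537 4 200.45.94.2 TCP_MISS/400 69381 POST http://200.45.94.2:31280/versioncheck.asp - DIRECT/200.45.94.2 text/html
1324811063.538 6 200.45.94.2 TCP_MISS/400 69467 POST http://200.45.94.2:31280/versioncheck.asp - DIRECT/200.45.94.2 text/html
1324811070.101 212 172.16.4.20 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html
"""
# Via header from the post's cache.log warning.
VIA = "1.0 powerweb.iaconecta.com (squid/3.1.12)"

PROXY_IPS = {"200.45.94.2"}              # the Squid box's own address (from the post)
PROXY_NAME = "powerweb.iaconecta.com"    # name Squid puts in Via (from the post)


def url_host(url):
    """Host part of a logged URL; CONNECT entries are logged as host:port."""
    if "://" in url:
        return urlsplit(url).hostname
    return url.rpartition(":")[0] or url


def self_directed(log_text, proxy_ips):
    """Yield (client, url, from_proxy) for requests Squid forwarded to itself."""
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 10:                  # skip blank or truncated lines
            continue
        client, url, peer = f[2], f[6], f[8].partition("/")[2]
        if url_host(url) in proxy_ips and peer in proxy_ips:
            # from_proxy is True when the request also arrived from the proxy
            yield client, url, client in proxy_ips


def via_has_hop(via_value, proxy_name):
    """True if any hop in a Via header was received by proxy_name."""
    for hop in via_value.split(","):
        parts = hop.split()
        if len(parts) >= 2 and parts[1].lower() == proxy_name.lower():
            return True
    return False


if __name__ == "__main__":
    for client, url, from_proxy in self_directed(ACCESS_LOG, PROXY_IPS):
        print(client, url, "re-entered from proxy" if from_proxy else "first pass")
    print("own name in Via:", via_has_hop(VIA, PROXY_NAME))
```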
