> > Ok. This will cause problems with MTU discovery in both directions, but > mainly in Squid->client direction. > > If you are today using conntrack on this Linux router then I would > strongly recommend the use of CONNMARK to route HTTP sessions rather than > packets.. doing so will allow MTU discovery to continue function like > normal. Thank you for the tip, will try do something but maybe you have forking example of such configuration? If no - don't worry too much. > > - On Squid (Linux, separate machine): > > redirect packets coming to port 80 to port 3128 using iptables REDIRECT > target. > > Is this "behind" the router using the router as gateway to the clients, > or on the same side of the router as the clients? Squid is behind the gateway, from the upstream provider path.
Ok, thank you for the help - will try to help those solutions. Andriy
