Transparent without NAT

  • I'm thinking--actually, already did but haven't turned it on--of putting Squid for caching in some sort of transit network, using static routes to pass traffic from the edge-squid-internal, only NATting on the edge; I just cloned the internal router, adjusted a few things and that was pretty much it.

    Between the two there's a brand new instance where I plan to get Squid running; I haven't installed it yet, it's only routing. Originally I thought of using policy routing to direct traffic to Squid but I kept coming up with the same setup and figured it'd be easier to put them in line. I'm running multi-WAN+tunneling and I've had weird quirks in the past using Squid, that's why I'm running it in its own instance--plus it's got its own disk too, so it doesn't disturb other VMs and it's easily disposable if anything bad were to happen. BTW, computers are in a domain, so I just need to issue a single subCA cert to Squid, maybe even use one 3rd-level CA I keep around--there should be no problem if they all come from the same root and L2 CA, I think.

    Will it work? Have you done this? I'm very confident this time I won't lose anything with how it's set up, but still, I'd love not to have the headache if possible. 😁 Thanks!

