Re: ipfwadm port redirection & squid

From: Jacques Gelinas <>
Date: Mon, 24 Nov 1997 09:48:15 -0500 (EST)

On Mon, 24 Nov 1997, anindya wrote:

> Hi there folks,
> I'm not sure if this is a problem with my Linux kernel
> version's (2.0.32) support of transparent proxying, or squid
> itself, but here goes...
> I'm running squid 1.1.17, and what I would like to do is
> transparently redirect port 80 requests to port 3128 for any http
> request on my local LAN. I don't want to have to force my users
> to set their browsers up to use the proxy, but want them to use
> the cache transaprently. So, per the Net-3 and firewall
> HOWTOs, I do this:
> ipfwadm -I -a accept -y -o -P tcp -S -D 80 -r 3128
> Now, I see the packets getting redirected to 3128 (via the
> firewall packet logging, but somehow
> it munges the URL in the process. So if I make a request from
> a machine on the local LAN for, say,
> , the URL gets truncated to
> just /Squid/Devel/, which squid then complains about:
> 880351331.249 6 ERR_INVALID_URL/400 567 GET /Squid/Devel/ - N
> ONE/- -
> My question is, has anyone tried to do what I'm trying to do? And
> have they ever seen the URL get truncated in this manner?
> Any help or suggestions would be greatly appreciated, and
> I apologize if this appears to be off topic.

You have probably failed to change a single line in squid.conf to put it
in virtual accelerator mode. Without this change, squid expect proxy
request on port 3128. Now you are feeding normal http request. So it does
not work. The line to change is http_accel. Write this and restart squid

http_accel virtual 80

Jacques Gelinas (
Linuxconf: The ultimate administration system for Linux.
new developments: Apache, Samba, Configuration versionning
Received on Mon Nov 24 1997 - 07:12:38 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:37:43 MST