transparent proxying problems

From: Parto Chobeiry <parto@dont-contact.us>
Date: Fri, 17 Sep 1999 11:56:50 +0200

Hi,

I am running Squid 2.2.STABLE4 on a Linux 2.2.12.

Could anybody help me with the following problems:

1. Transparent proxy without transproxy-1.0 does not work. I always get
"Invalid URL" and the hostname is truncated from the URL. I tried to
compile Squid with --enable-ipf-transparent but this did fail (ip_fil.h
not found). Would enabling ipf-transparent make the use of transproxy
superfluous?

2. When trying to search www.squid-cache.org for keywords, I never get a
response. If I make my browser use Squid explicitly by changing the
proxy parameters everything works. Is this a problem with transproxy?
Some other pages do not display either (e.g. from the Squid Hypermail
archive).

3. How can I redirect all passive FTP requests through Squid? I tried a
"ipchains -A input -s 0/0 -d 0/0 21 -p tcp -j REDIRECT 3128" but my
browser then returns with "FTP Error, Could not login to FTP server,
[sic!] er: Squid/2.2.STABLE4".

Any help would be greatly appreciated.

ipchains -L shows:

Chain input (policy ACCEPT):
target     prot opt     source            destination         ports
-          all  ------  anywhere          dmz-82.logos.de     n/a
-          all  ------  anywhere          ns1.logos.de        n/a
ACCEPT     tcp  ------  anywhere          localhost           any -> www
ACCEPT     tcp  ------  anywhere          screamer.logos.de   any -> www
REDIRECT   tcp  ------  192.168.1.0/24    anywhere            any -> www => tproxy
Chain forward (policy ACCEPT):
target     prot opt     source            destination         ports
MASQ       all  ------  192.168.1.0/24    anywhere            n/a
Chain output (policy ACCEPT):
target     prot opt     source            destination         ports
-          all  ------  dmz-82.logos.de   anywhere            n/a
-          all  ------  ns1.logos.de      anywhere            n/a

/etc/Squid.conf looks like this:

http_port 3128
local_domain logos.de
hierarchy_stoplist cgi-bin ?
cache_stoplist cgi-bin ?
cache_mem 32
cache_swap 4096
maximum_object_size 1048576
ipcache_size 2048
cache_dir /raid/squid/cache
cache_access_log /raid/squid/logs/access
cache_log /raid/squid/logs/cache
cache_store_log /raid/squid/logs/store
debug_options ALL,1
ftp_user squid@logos.de
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443 563
acl Dangerous_ports port 7 9 19
acl CONNECT method CONNECT
http_access deny manager !localhost
http_access deny CONNECT !SSL_ports
http_access deny Dangerous_ports
http_access allow all
icp_access allow all
miss_access allow all
cache_effective_user squid nogroup
httpd_accel virtual 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
dns_testnames internic.net usc.edu cs.colorado.edu mit.edu yale.edu
minimum_direct_hops 4

-- 
| PARTO CHOBEIRY
| parto@chobeiry.de
Received on Fri Sep 17 1999 - 04:15:26 MDT
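
Added example, not part of the original message and not Squid's own code: a request that reaches the proxy through a REDIRECT rule carries only a path in its request line, with the hostname in the Host header, whereas a browser configured to use the proxy sends the full URL. The Python below rebuilds the URL for both forms and raises the "Invalid URL" error when the hostname cannot be recovered; the function names and sample requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

class InvalidURL(ValueError):
    """Raised where a proxy would answer with an 'Invalid URL' error page."""

# Conservative host[:port] check; IPv6 literals are out of scope for this example.
HOST_RE = re.compile(r"^[A-Za-z0-9.-]+(:\d{1,5})?$")

def parse_request(raw: bytes):
    """Return (method, target, headers) from a raw HTTP request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def effective_url(raw: bytes, intercepted: bool) -> str:
    """Work out the URL to fetch for a request that reached the proxy port."""
    _method, target, headers = parse_request(raw)
    parts = urlsplit(target)
    if parts.scheme and parts.netloc:
        return target  # absolute-form: the browser was configured to use a proxy
    if not intercepted:
        # Origin-form request handled as a plain proxy request: no hostname.
        raise InvalidURL(f"Invalid URL: {target}")
    host = headers.get("host", "")
    if not HOST_RE.match(host):
        # HTTP/1.0 clients may omit Host; a malformed value is refused too.
        raise InvalidURL(f"Invalid URL: {target} (no usable Host header)")
    if host.endswith(":80"):
        host = host[:-3]  # drop the default port
    return f"http://{host}{target}"

# Constructed sample requests (not captured traffic).
EXPLICIT = (b"GET http://www.squid-cache.org/search?q=acl HTTP/1.0\r\n"
            b"Host: www.squid-cache.org\r\n\r\n")
REDIRECTED = (b"GET /search?q=acl HTTP/1.0\r\n"
              b"Host: www.squid-cache.org\r\n\r\n")
NO_HOST = b"GET /search?q=acl HTTP/1.0\r\n\r\n"

if __name__ == "__main__":
    print(effective_url(EXPLICIT, intercepted=False))
    print(effective_url(REDIRECTED, intercepted=True))
```

The Host header is supplied by the client, so in interception mode access controls and logs keyed on the rebuilt URL should be checked against the packet's original destination address as well.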
