Re: [squid-users] Transparent Proxy problem on FreeBSD from T.Q.Huy on 2002-07-30 (squid-users)

From: T.Q.Huy <huytu@dont-contact.us>
Date: Tue, 30 Jul 2002 17:34:38 +0700

Dear MASOOD,
the problem is your forwarding rule.
I don't know what firewall you built in your FreeBSD, then I assume you use
IPFW (with Forwarding module in your kernel) is the rule is:
ipfw add fwd your.cache.ip,port tcp from your.client.ips to any 80
Rather than:
ipfw add fwd your.cache.ip,port tcp from any to any 80

-- 
Best regards,
 T.Q.Huy                            mailto:huytu@hcmc.netnam.vn
                                       AIM: huytu2k2
                                       ICQ: 162254462 
Monday, July 29, 2002, 5:35:03 PM, you wrote:
MA> Hello my dear squid users,
MA> I'm running squid on FreeBSD it's going well but when
MA> i try to configure it as a transparent it's displaying
MA> messages Access Denied.
MA> as I read squid FAQ they are say these things show
MA> below
MA> 17.7 The cache is trying to connect to itself... 
MA> by Henrik Nordstrom
MA> I think almost everyone who have tried to build a
MA> interception proxy setup have been bitten by this one.
MA> Measures you can take: 
MA> Deny Squid from fetching objects from itself (using
MA> ACL lists). 
MA> Apply a small patch that prevents Squid from looping
MA> infinitely (available from Henrik's Squid Patches) 
MA> Don't run Squid on port 80, and redirect port 80 not
MA> destined for the local machine to Squid (redirection
MA> == ipfilter/ipfw/ipfadm). This avoids the most common
MA> loops. 
MA> If you are using ipfilter then you should also use
MA> transproxyd in front of Squid. Squid does not yet know
MA> how to interface to ipfilter (patches are welcome:
MA> squid-bugs@squid-cache.org). 
MA> I know I'm facing this problem becasue as I'm doing
MA> transparent proxy with "ipfw" firewall. When i tried
MA> to run my proxy as transparent Squid cache loop
MA> infinitely occured.
MA> I did not find any patch from Henrick site for
MA> preventing loop in Squid2.4STABLE6
MA> any idea?
MA> Regards
MA> Masood Ahmad
MA> __________________________________________________
MA> Do You Yahoo!?
MA> Yahoo! Health - Feel better, live better
MA> http://health.yahoo.com

Received on Tue Jul 30 2002 - 04:35:32 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:24 MST