[squid-users] Transparent Proxy weirdness

From: Jason Dixon <jason@dont-contact.us>
Date: 29 Apr 2003 20:44:29 -0400

Hi all-

I'm trying to get a transparent proxy configuration working properly
with Squid on OpenBSD/PF. I've added the following per the
documentation:

httpd_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

and added the necessary redirection rule in the firewall:

rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128

If I configure proxies on the clients, everything works fine. However,
any traffic that attempts to go through the transparent proxy does not.
All traffic hits the proxy as expected, but all traffic outbound from
the proxy attempts to hit the same port that Squid is configured to
listen on. Here's an example state entry:

tcp 127.0.0.1:3128 <- 66.35.250.151:80 <- 192.168.0.42:37118 ESTABLISHED:ESTABLISHED
tcp xxx.xxx.xxx.xxx:7069 -> 66.35.250.151:3128 SYN_SENT:CLOSED

As you can see in the 2nd entry, the firewall (xxx.xxx.xxx.xxx) is
attempting to connect to port 3128 on the remote server (66.35.250.151).

The only work-around I've found is to have Squid listen on port 80, with
all traffic redirected to 127.0.0.1:80. I've tried both the official
STABLE2 source and the OpenBSD port. There seems to be a large group of
OpenBSD users that have gotten this working successfully, and another
group that is having the same dilemma as yours truly.

Any ideas? TIA-

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
Received on Tue Apr 29 2003 - 18:46:10 MDT
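
Added example, not part of the original post: a small Python check that reads PF state entries in the layout quoted above and flags outbound connections aimed at the proxy's own listen port on a remote host, reporting the port the client originally asked for. The function names are hypothetical, the sample input is the two entries from the post, and it assumes IPv4 host:port entries as shown there.

```python
import re

# Constructed sample: the two state entries quoted in the post.
SAMPLE_STATES = """\
tcp 127.0.0.1:3128 <- 66.35.250.151:80 <- 192.168.0.42:37118 ESTABLISHED:ESTABLISHED
tcp xxx.xxx.xxx.xxx:7069 -> 66.35.250.151:3128 SYN_SENT:CLOSED
"""

ENDPOINT = re.compile(r"^(.+):(\d+)$")  # host:port, IPv4 form as in the post


def parse_state(line):
    """Return (direction, [(host, port), ...], state) or None if unparseable."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "tcp":
        return None
    middle, state = fields[1:-1], fields[-1]
    arrows = {f for f in middle if f in ("<-", "->")}
    if len(arrows) != 1:
        return None
    endpoints = []
    for f in middle:
        if f in arrows:
            continue
        m = ENDPOINT.match(f)
        if not m:
            return None
        endpoints.append((m.group(1), int(m.group(2))))
    if not endpoints:
        return None
    return arrows.pop(), endpoints, state


def find_misdirected(states_text, proxy_port=3128):
    """Flag outbound states aimed at the proxy's own listen port on a remote host."""
    parsed = [p for p in map(parse_state, states_text.splitlines()) if p]
    # Redirected inbound entries read: rdr target <- original destination <- client.
    original = {eps[1][0]: eps[1][1] for d, eps, _ in parsed
                if d == "<-" and len(eps) == 3 and eps[0][1] == proxy_port}
    findings = []
    for direction, eps, state in parsed:
        host, port = eps[-1]  # last endpoint of an outbound entry is the remote side
        if direction == "->" and port == proxy_port:
            findings.append((host, port, original.get(host), state))
    return findings


if __name__ == "__main__":
    for host, port, wanted, state in find_misdirected(SAMPLE_STATES):
        print(f"{host}: outbound to port {port}, client asked for {wanted} ({state})")
```
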
