[squid-users] squid 2.6 + transparent + ipfw

From: Andrew Pantyukhin <infofarmer@dont-contact.us>
Date: Wed, 5 Jul 2006 13:25:49 +0400

I can't figure out how to use transparent squid 2.6 with ipfw.

I don't use --enable-{ipf,pf}-transparent because I only use
ipfw (ipfirewall), not ipf (IP filter) or pf (packet filter). I also
don't use --enable-linux-{netfilter,tproxy}, because I've got
FreeBSD installed, not Linux.

My guess is for transparent proxying to work one of these
options has to be enabled. Let's see what happens.

I compiled squid without any of these options. In cache.log
I see:

Accepting transparently proxied HTTP connections at 0.0.0.0, port 3128, FD 12.

Great! But when I actually try to forward any packets there,
I get this in cache.log:

2006/07/05 12:04:31| WARNING: transparent proxying not supported
2006/07/05 12:04:31| Failed to select source for 'http://mail.ru/'
2006/07/05 12:04:31| always_direct = 0
2006/07/05 12:04:31| never_direct = 0
2006/07/05 12:04:31| timedout = 0

this in access.log:

1152086671.736 1 10.17.225.45 TCP_MISS/503 1589 GET
http://mail.ru/ - NONE/- text/html

and this in the browser:

<...>
   The following error was encountered:
     * Unable to forward this request at this time.
<...>

With squid 2.5, I didn't have to compile it with any
transparency-related options, it just worked. Squid did not
have a notion of being transparent, so it worked great. Now
I have to wonder how to get it working. Can I use accelerator
options to bring back the old behavior? Can I compile squid
with other options and use it with ipfw?

Any help will be much appreciated, thanks!
Received on Wed Jul 05 2006 - 05:17:32 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Aug 01 2006 - 12:00:01 MDT