RE: [squid-users] Redirect to squid with IPTABLES

From: Gary W. Smith <gary@dont-contact.us>
Date: Mon, 31 Jul 2006 14:02:33 -0700

Here is what I have in mine:

Stock config file with the following changes:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
 
acl PURGE method PURGE
acl localhost src 127.0.0.1
http_access allow PURGE localhost
http_access deny PURGE
 
acl CGI url_regex \.cgi$
acl PHP url_regex \.php$
acl ASP url_regex \.asp$
acl ASPNET url_regex \.aspx$
no_cache deny CGI
no_cache deny PHP
no_cache deny ASP
no_cache deny ASPNET

For IPTables I have added the following line:
eth0 being INET, eth1 being LAN
-A PREROUTING -o eth0 -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

This way when I access my internal httpd server on the same box it won't
try to proxy it.

There is also an ACL that must be disabled in the squid file: acl deny all
(I think).

Hope that helps.

> -----Original Message-----
> From: Evan Fribourg [mailto:evan@deniromarketing.com]
> Sent: Monday, July 31, 2006 11:05 AM
> To: squid-users@squid-cache.org
> Subject: RE: [squid-users] Redirect to squid with IPTABLES
>
> > You could try this:
> > If you did not set up the proxy in your browser (and I think
> > so), you should activate "transparent proxying" in your
> > squid.conf. In this case, you would redirect the traffic with
> > dport 80 to <squid-host>:80, not 3128. The difference is that
> > your browser does not know to use a proxy, but you are
> > redirecting this forward to a proxy. Thus the proxy should
> > work with transparent proxying, cause this is what you want
> > squid to do.
>
> Well, the server that I'm redirecting to already has apache on port 80, and
> I don't want to put squid in front of it at this point. I just need squid
> to retrieve internet requests, which is why I'm leaving it on 3128.
>
> In the squid.conf, I put:
> http_port 3128 transparent
>
> And I get:
> ERROR
> The requested URL could not be retrieved
>
> While trying to retrieve the URL: http://www.google.com
>
> The following error was encountered:
>
> * Unable to forward this request at this time.
>
> This request could not be forwarded to the origin server or to any parent
> caches. The most likely cause for this error is that:
>
> * The cache administrator does not allow this cache to make direct
> connections to origin servers, and
> * All configured parent caches are currently unreachable.
>
> Your cache administrator is webmaster.
>
> In the cache.log I see:
> 2006/07/31 10:57:07| Accepting transparently proxied HTTP connections at 0.0.0.0, port 3128, FD 11.
> 2006/07/31 10:57:07| Ready to serve requests.
> 2006/07/31 10:57:53| WARNING: transparent proxying not supported
> 2006/07/31 10:57:53| Failed to select source for 'http://www.google.com'
> 2006/07/31 10:57:53| always_direct = 0
> 2006/07/31 10:57:53| never_direct = 0
> 2006/07/31 10:57:53| timedout = 0
>
> In access.log I see:
> 1154368853.534 12 <my_ip> TCP_MISS/503 1638 GET http://mail.google.com/ - NONE/- text/html
>
> I'm assuming I'm missing something in the conf...?
>
> Kind regards,
>
> Evan Fribourg
> Web Application Developer
Received on Mon Jul 31 2006 - 15:02:36 MDT
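
Added example (not part of the original thread, and not code from either poster): a Python sketch that parses Squid native-format access.log lines and picks out the pattern reported above, a 503 answered with hierarchy code NONE, meaning Squid never chose an origin server or parent to forward to. The sample lines, client addresses and function names are constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple, Optional

# Constructed sample in Squid's native access.log layout:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1154368853.534     12 192.0.2.10 TCP_MISS/503 1638 GET http://mail.example.com/ - NONE/- text/html
1154368860.101    143 192.0.2.10 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/198.51.100.7 text/html
1154368861.220      9 192.0.2.11 TCP_MISS/503 1640 GET http://www.example.org/ - NONE/- text/html
1154368862.000      3 192.0.2.11 TCP_DENIED/403 1400 GET http://www.example.net/ - NONE/- text/html
garbage line
"""

class Entry(NamedTuple):
    client: str
    result: str      # cache result code, e.g. TCP_MISS
    status: int      # HTTP status returned to the client
    url: str
    hierarchy: str   # how the request was forwarded, e.g. DIRECT or NONE
    peer: str

def parse_line(line: str) -> Optional[Entry]:
    """Parse one native-format line; return None for anything malformed."""
    parts = line.split()
    if len(parts) != 10:
        return None
    result, sep1, status = parts[3].partition("/")
    hierarchy, sep2, peer = parts[8].partition("/")
    if not (sep1 and sep2 and status.isdigit()):
        return None
    return Entry(parts[2], result, int(status), parts[6], hierarchy, peer)

def forwarding_failures(log_text: str) -> dict:
    """Map client -> URLs answered 503 without any upstream being chosen."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        # NONE (HIER_NONE in newer Squid releases) means nothing was contacted.
        # A 403 with NONE is an ACL denial, not a forwarding failure, so require 503.
        if entry.status == 503 and entry.hierarchy in ("NONE", "HIER_NONE"):
            failures[entry.client].append(entry.url)
    return dict(failures)

if __name__ == "__main__":
    for client, urls in forwarding_failures(SAMPLE_LOG).items():
        print(client, len(urls), urls)
```
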
