Re: [squid-users] 2.6.STABLE3: how to set up transparent proxy

From: Michael Carmody <michaelc@dont-contact.us>
Date: Sat, 16 Sep 2006 15:30:49 +1000

I just subscribed to this list for the exact same problem.

Running Squid Stable 3, and proxy works fine when entered into browser but
transparent mode seems broken, with the port 3128 being appended to all
requests and the access log only sometimes logging the request at all.

Having also seen umpteen references to release notes, and having http_port
3128 transparent there from the beginning, this is getting mildly
frustrating...

Someone with a working transparent STABLE3 setup want to offer a suggestion?

On Saturday 16 September 2006 14:50, W. Tait Cyrus wrote:
> OK. I've spent the past 4 hours searching old postings and squid
> related web sites for this answer and seem to find things keep leading
> in circles.
>
> I have a Linux 2.6.17 firewall running squid and squidGuard. The
> firewall is configured such that all outgoing http access gets NATed to
> port 3128 (on the fw) where squid then runs squidGuard to filter out
> "bad" sites. That is ALL squid is intended for is to run squidGuard on
> all outgoing web accesses. I need this type of configuration since
> updating the proxy in the web browsers is too easy to turn off (and gain
> access to the "bad" sites) so I need something transparent.
>
> I had been running squid squid-2.5.STABLE12 with little problems, but
> did run into a problem with an app failing to update itself via http
> (because squid got in the way) so I wanted to upgrade to 2.6.STABLE3
> hoping the problem would be fixed. Unfortunately I can't get
> 2.6.STABLE3 configured to work the same way.
>
> Many of the previous postings suggest:
> - read the release notes:
>   well, I've done that and they don't give any examples, only a word
>   description that an "option" can be used to do this. So it isn't clear
>   at all what the correct form of the options are to configure squid to
>   be transparent since it appears that multiple options are required and
>   nowhere are they all together discussed
> - read the FAQ
>   again it says almost the same thing, or doesn't exist (one wiki was
>   still being written in regards to transparent proxy setup)
> - or they suggest things which didn't work (or produced startup errors)
>
> My previous configuration was basically:
>
> httpd_accel_port 80
> httpd_accel_host virtual
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
>
> with iptables configured with:
> iptables -t nat -A PREROUTING -p tcp -m tcp -s 10.0.0.0/8 --dport 80 -j DNAT --to-destination 10.200.1.100:3128
>
> So only outgoing port 80 were NAT'ed to 3128. All incoming port 80 are
> dealt with separately (forwarded to the web server).
>
> I've tried the following squid config (since that seemed to be what most
> people suggested) without success:
> http_port 3128 transparent
> cache_peer localhost parent 3128 0 no-query originserver
> but this mangles the URL adding port 3128 to the host. I.e. changes
> http://google.com to http://google.com:3128
> Even tried variations on http_port and cache_peer.
>
> So is there a simple example of how to set up a transparent proxy (local
> cache)?
>
> tia
> ++Tait
Received on Fri Sep 15 2006 - 23:31:01 MDT
