[squid-users] Issues fwd'ing from transparent Squid proxy to Privoxy then to the internet from Ouray Viney on 2007-03-24 (squid-users)

From: Ouray Viney <oviney@dont-contact.us>
Date: Sat, 24 Mar 2007 09:23:30 -0400

Hi All:

Problem Description:
======================

Issues fwd'ing from transparent Squid proxy to Privoxy then to the
internet.

I have recently been struggling to get squid to forward to privoxy for
content/image filtering.

I have spent about a week googling and have read both privoxy's and
squid's FAQs and guides on how each recommend a configuration for what I
am trying to do.

I am using shorewall as my firewall, and currently don't have any issues
forwarding my web based traffic to squid as caching proxy, but as soon
as I add in the configuration items that are "supposed" to force squid
to forward all of its requests to privoxy, privoxy doesn't actually get
any of the traffic (proven by looking at the log
file /var/log/privoxy/logfile).

Links I have used to try to figure this out:
=============================================
http://www.privoxy.org/user-manual/config.html - section 7.5 forwarding
http://www.opensourcehowto.org/how-to/privoxy/privoxy--squid.html
http://www.squid-cache.org/mail-archive/squid-users/200310/0234.html
http://wiki.squid-cache.org/ConfigExamples
http://wiki.squid-cache.org/SquidFaq/ConfiguringSquid
http://wiki.squid-cache.org/SquidFaq/SquidRedirectors
http://wiki.squid-cache.org/SquidFaq/InterceptionProxy

Here are the basic configuration items (that are currently not working):

Environment details:
======================
Server: Ubuntu 6.10 (latest patches)
Squid version: 2.6.1-3ubuntu1.2
Privoxy version: 3.0.3-2-1

Note: All the elements are on one box (firewall, squid and privoxy)

For the purpose of this email, the IP of the all-in-one server is
192.168.1.1.

Here are some stripped down configuration items that are supposed to
solve fwd'ing from squid to privoxy.
<snippet>
# Force forwarding to privoxy for filtering to remove adds and other
*junk*
cache_peer 192.168.1.1 parent 8118 7 no-query

# Do not forward FTP requests to Privoxy
always_direct allow ftp
</snippet>

My firewall rule shouldn't have anything to do with why this isn't
working so I am not going to include it. But I will mention that I am
using squid transparently so that my client don't have the option but to
go through the proxy as no other connections can be made to the internet
with out first hitting the proxy.

Observed behaviour:
====================
So when I make a http request, the squid access log shows date and the
privoxy logfile shows nothing but the web page does load.

Here is what I would like to happen:

Call flow:
============
Browser www request ---> firewall ---> squid ---> privoxy ---> WWW
(internet)

Call for help!

If anyone has any ideas, comments, links/resources that aren't what I
have already read, then by all means please post. Perhaps that way that
I am trying to do things really isn't possible, but that would be a
major oversight on my behalf. I would appreciate any one that has this
same scenario to share their working configuration (obviously don't need
the whole squid.conf)

application/pgp-signature attachment: This is a digitally signed message part

Received on Sat Mar 24 2007 - 07:23:31 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Mar 31 2007 - 13:00:02 MDT