[squid-users] Squid Transparent mode and citrix application problem

From: Taras Panchyshyn <tpanchyshyn@dont-contact.us>
Date: Tue, 4 Dec 2007 10:07:06 -0500

I want to use SQUID 2.6.STABLE16 as a transparent proxy.
I have Linux Fedora Core 7 as a router, and Squid is installed there as well.

Iptables configuration:
*nat
:PREROUTING ACCEPT [2844662:160578712]
:POSTROUTING ACCEPT [168208:16839419]
:OUTPUT ACCEPT [115780:8771449]
#redirect http requests to squid
-A PREROUTING -s 10.10.15.0/255.255.255.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
# pass through NAT everything else
-A POSTROUTING -s 10.10.15.0/255.255.255.0 -d ! 10.10.15.0/255.255.255.0 -o eth2 -j MASQUERADE
COMMIT

Squid configuration
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

acl our_network src 10.10.15.0/24

http_access allow manager localhost
http_access deny manager
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow our_network
http_access deny all
icp_access allow all

http_port 10.10.15.1:3128 transparent
cache_dir ufs /var/spool/squid 10000 16 256

Everything works except the Citrix MetaFrame client (ICA32t.exe). When I try
to connect to the Citrix server I receive this message: "Cannot connect to the
citrix MetaFrame server. Unable to contact the MetaFrame server browser.
There may be network problems, or you may need to configure or correct the
server address in the Server Location field"

Here is access.log in Squid:
tail -f /var/log/squid/access.log
1196707494.281 81 10.10.15.30 TCP_MISS/404 1203 POST http://213.179.13.203/scripts/WPnBr.dll - DIRECT/213.179.13.203 text/html
1196707494.371 79 10.10.15.30 TCP_MISS/400 274 POST http://213.179.13.204/scripts/WPnBr.dll - DIRECT/213.179.13.204 -
1196707494.487 104 10.10.15.30 TCP_MISS/400 274 POST http://213.179.13.107/scripts/WPnBr.dll - DIRECT/213.179.13.107 -
1196707494.740 105 10.10.15.30 TCP_MISS/400 274 POST http://213.179.13.114/scripts/WPnBr.dll - DIRECT/213.179.13.114 -
1196707494.836 92 10.10.15.30 TCP_MISS/400 274 POST http://213.179.13.118/scripts/WPnBr.dll - DIRECT/213.179.13.118 -

When I delete the HTTP redirection from iptables and set the proxy address manually
in Internet Explorer, Citrix works fine.
access.log gives me this information:

tail -f /var/log/squid/access.log
1196707587.173 349 10.10.15.30 TCP_MISS/200 11048 CONNECT gatewaynetworks.dainrauscher.com:443 - DIRECT/199.250.13.52 -
1196707587.242 51 10.10.15.30 TCP_MISS/200 39 CONNECT gatewaynetworks.dainrauscher.com:443 - DIRECT/199.250.13.52 -

Also, I am able to connect to the Citrix application without the proxy server at all
(through NAT).

One more detail: when redirection is on and the proxy server is set up
manually in Internet Explorer, Citrix doesn't work either.
access.log:
tail -f /var/log/squid/access.log
1196707035.421 753 10.10.15.30 TCP_MISS/200 18741 CONNECT gatewaynetworks.dainrauscher.com:443 - DIRECT/199.250.13.52 -
1196707036.550 86 10.10.15.30 TCP_MISS/404 1203 POST http://199.250.13.203/scripts/WPnBr.dll - DIRECT/199.250.13.203 text/html
1196707036.640 84 10.10.15.30 TCP_MISS/400 274 POST http://199.250.13.204/scripts/WPnBr.dll - DIRECT/199.250.13.204 -
1196707036.745 100 10.10.15.30 TCP_MISS/400 274 POST http://199.250.13.107/scripts/WPnBr.dll - DIRECT/199.250.13.107 -
1196707036.849 94 10.10.15.30 TCP_MISS/400 274 POST http://199.250.13.114/scripts/WPnBr.dll - DIRECT/199.250.13.114 -
1196707037.003 80 10.10.15.30 TCP_MISS/400 274 POST http://199.250.13.118/scripts/WPnBr.dll - DIRECT/199.250.13.118 -

Where is the problem?

Please help if anyone knows the solution.
Thank you very much
Received on Tue Dec 04 2007 - 08:07:20 MST
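
An added example, not part of the original message: a small Python parser for Squid's native access.log format that compares the intercepted and explicit-proxy captures posted above by method and status. The function names are hypothetical, and the sample entries are copied from the post with the mail client's line wraps joined.

```python
import re
from collections import Counter

# Squid native access.log fields:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
LINE = re.compile(
    r"^\s*(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>\w+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>\w+)/(?P<peer>\S+)\s+(?P<type>\S+)\s*$"
)

def parse(text):
    """Return one dict per well-formed log line; skip anything else."""
    return [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]

def summarize(entries):
    """Count (method, HTTP status) pairs in a capture."""
    return Counter((e["method"], int(e["status"])) for e in entries)

def failed_origin_requests(entries):
    """Non-CONNECT requests Squid forwarded DIRECT that came back 4xx/5xx."""
    return [e for e in entries
            if e["method"] != "CONNECT" and e["hier"] == "DIRECT"
            and int(e["status"]) >= 400]

# Entries copied from the post (wrapped lines joined).
INTERCEPTED = """\
1196707494.281 81 10.10.15.30 TCP_MISS/404 1203 POST http://213.179.13.203/scripts/WPnBr.dll - DIRECT/213.179.13.203 text/html
1196707494.371 79 10.10.15.30 TCP_MISS/400 274 POST http://213.179.13.204/scripts/WPnBr.dll - DIRECT/213.179.13.204 -
"""
EXPLICIT = """\
1196707587.173 349 10.10.15.30 TCP_MISS/200 11048 CONNECT gatewaynetworks.dainrauscher.com:443 - DIRECT/199.250.13.52 -
1196707587.242 51 10.10.15.30 TCP_MISS/200 39 CONNECT gatewaynetworks.dainrauscher.com:443 - DIRECT/199.250.13.52 -
"""

if __name__ == "__main__":
    for name, capture in (("intercepted", INTERCEPTED), ("explicit proxy", EXPLICIT)):
        entries = parse(capture)
        print(name, dict(summarize(entries)))
        for e in failed_origin_requests(entries):
            print("  failed:", e["method"], e["url"], e["status"], "via", e["peer"])
```
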
