Re: [squid-users] Squid Transparent mode and citrix application problem

From: Adrian Chadd <adrian@dont-contact.us>
Date: Wed, 5 Dec 2007 06:54:48 +0900

You need to begin debugging this by looking at wireshark/ethereal packet
dumps. Try to figure out what the client/server is doing that confuses
Squid (or confuses the client/server.)

Adrian

On Tue, Dec 04, 2007, Taras Panchyshyn wrote:
> I want to use SQUID 2.6.STABLE16 as transparent proxy.
> I have Linux fedora core 7 as router and squid is installed there also.
>
> Iptables configuration:
> *nat
> :PREROUTING ACCEPT [2844662:160578712]
> :POSTROUTING ACCEPT [168208:16839419]
> :OUTPUT ACCEPT [115780:8771449]
> #redirect http requests to squid
> -A PREROUTING -s 10.10.15.0/255.255.255.0 -p tcp -m tcp --dport 80 -j
> REDIRECT --to-ports 3128
> # pass through NAT everything else
> -A POSTROUTING -s 10.10.15.0/255.255.255.0 -d ! 10.10.15.0/255.255.255.0 -o
> eth2 -j MASQUERADE
> COMMIT
>
> Squid configuration
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> acl our_network src 10.10.15.0/24
>
> http_access allow manager localhost
> http_access deny manager
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access allow our_network
> http_access deny all
> icp_access allow all
>
> http_port 10.10.15.1:3128 transparent
> cache_dir ufs /var/spool/squid 10000 16 256
>
> Everything works except the Citrix Metaframe client (ICA32t.exe). When I try
> to connect to the Citrix server I receive this message: "Cannot connect to the
> citrix MetaFrame server. Unable to contact the MetaFrame server browser.
> There may be network problems, or you may need to configure or correct the
> server address in the Server Location field"
>
> Here is access.log in squid:
> tail -f /var/log/squid/access.log
> 1196707494.281 81 10.10.15.30 TCP_MISS/404 1203 POST
> http://213.179.13.203/scripts/WPnBr.dll - DIRECT/213.179.13.203 text/html
> 1196707494.371 79 10.10.15.30 TCP_MISS/400 274 POST
> http://213.179.13.204/scripts/WPnBr.dll - DIRECT/213.179.13.204 -
> 1196707494.487 104 10.10.15.30 TCP_MISS/400 274 POST
> http://213.179.13.107/scripts/WPnBr.dll - DIRECT/213.179.13.107 -
> 1196707494.740 105 10.10.15.30 TCP_MISS/400 274 POST
> http://213.179.13.114/scripts/WPnBr.dll - DIRECT/213.179.13.114 -
> 1196707494.836 92 10.10.15.30 TCP_MISS/400 274 POST
> http://213.179.13.118/scripts/WPnBr.dll - DIRECT/213.179.13.118 -
>
> When I delete http redirection from iptables and set proxy address manually
> in internet explorer, citrix works fine.
> Access.log gives me such information:
>
> tail -f /var/log/squid/access.log
> 1196707587.173 349 10.10.15.30 TCP_MISS/200 11048 CONNECT
> gatewaynetworks.dainrauscher.com:443 - DIRECT/199.250.13.52 -
> 1196707587.242 51 10.10.15.30 TCP_MISS/200 39 CONNECT
> gatewaynetworks.dainrauscher.com:443 - DIRECT/199.250.13.52 -
>
> Also, I am able to connect to the citrix application without a proxy server
> at all (through NAT).
>
> One more detail: when redirection is on and the proxy server is set up
> manually in Internet Explorer, citrix doesn't work either.
> Access.log:
> tail -f /var/log/squid/access.log
> 1196707035.421 753 10.10.15.30 TCP_MISS/200 18741 CONNECT
> gatewaynetworks.dainrauscher.com:443 - DIRECT/199.250.13.52 -
> 1196707036.550 86 10.10.15.30 TCP_MISS/404 1203 POST
> http://199.250.13.203/scripts/WPnBr.dll - DIRECT/199.250.13.203 text/html
> 1196707036.640 84 10.10.15.30 TCP_MISS/400 274 POST
> http://199.250.13.204/scripts/WPnBr.dll - DIRECT/199.250.13.204 -
> 1196707036.745 100 10.10.15.30 TCP_MISS/400 274 POST
> http://199.250.13.107/scripts/WPnBr.dll - DIRECT/199.250.13.107 -
> 1196707036.849 94 10.10.15.30 TCP_MISS/400 274 POST
> http://199.250.13.114/scripts/WPnBr.dll - DIRECT/199.250.13.114 -
> 1196707037.003 80 10.10.15.30 TCP_MISS/400 274 POST
> http://199.250.13.118/scripts/WPnBr.dll - DIRECT/199.250.13.118 -
>
> Where is the problem?
>
> Please help if you know the solution.
> Thank you very much

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
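Before reaching for packet captures as Adrian suggests, the access.log excerpts above already separate the two behaviours: intercepted port-80 traffic shows plain-HTTP POSTs to /scripts/WPnBr.dll answered with 4xx, while the explicit-proxy run shows CONNECT tunnels to port 443. The parser below is an added illustration (not code from the thread or from Squid); it reads the native access.log layout quoted in the thread and reports which peers rejected the plaintext POSTs, using sample lines copied from the excerpts above.

```python
import re
from collections import Counter
# Squid native access.log layout (as quoted in the thread):
#   time elapsed client code/status bytes method URL ident hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<ms>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<ctype>\S+)$"
)

# Sample lines copied from the two access.log excerpts above.
TRANSPARENT_LOG = """\
1196707494.281 81 10.10.15.30 TCP_MISS/404 1203 POST http://213.179.13.203/scripts/WPnBr.dll - DIRECT/213.179.13.203 text/html
1196707494.371 79 10.10.15.30 TCP_MISS/400 274 POST http://213.179.13.204/scripts/WPnBr.dll - DIRECT/213.179.13.204 -
1196707494.487 104 10.10.15.30 TCP_MISS/400 274 POST http://213.179.13.107/scripts/WPnBr.dll - DIRECT/213.179.13.107 -
"""
MANUAL_PROXY_LOG = """\
1196707587.173 349 10.10.15.30 TCP_MISS/200 11048 CONNECT gatewaynetworks.dainrauscher.com:443 - DIRECT/199.250.13.52 -
1196707587.242 51 10.10.15.30 TCP_MISS/200 39 CONNECT gatewaynetworks.dainrauscher.com:443 - DIRECT/199.250.13.52 -
"""

def parse_line(line):
    """One record as a dict, or None if the line is not in Squid native format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec.update({k: int(rec[k]) for k in ("ms", "status", "bytes")})
    return rec

def outcomes(log_text):
    """Count (client, method, status) triples: how each client's requests fared."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[(rec["client"], rec["method"], rec["status"])] += 1
    return counts

def failed_plaintext_posts(log_text, path="/scripts/WPnBr.dll"):
    """Peers that answered a plain-HTTP POST to `path` with a 4xx (the interception symptom)."""
    peers = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if (rec and rec["method"] == "POST" and rec["url"].startswith("http://")
                and rec["url"].endswith(path) and 400 <= rec["status"] < 500):
            peers.append(rec["peer"])
    return peers
```

Run it over the full access.log from both setups and compare the outcome counts: a client that only ever produces failing POSTs under interception but CONNECTs under an explicit proxy is telling you which traffic the REDIRECT rule is catching that the client did not expect to be proxied.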
Received on Tue Dec 04 2007 - 14:49:10 MST

This archive was generated by hypermail pre-2.1.9 : Tue Jan 01 2008 - 12:00:01 MST