Re: [squid-users] squid transparent proxy still not working

From: Adrian Chadd <adrian@dont-contact.us>
Date: Sat, 9 Feb 2008 23:28:54 +0900

Have you followed http://wiki.squid-cache.org/ConfigExamples/ and set up
the forwarding, et al, correctly?

Just so you know, I can build a proxy from a default debian install
by following one of the examples there and transparent proxying "just"
works.

Adrian

On Sat, Feb 09, 2008, kang ason wrote:
> Dear All
> I successfully installed squid 2.6 STABLE 18 on
> debian 4.0 with
> the command and options below
> ./configure --prefix=/usr/local/squid
> --enable-delay-pools --enable-poll
> --disable-ident-lookups --enable-truncate
> --enable-cache-digests --enable-linux-netfilter
> --enable-async-io=16 --enable-removal-policies\
>
> make all
> make install
>
> This server has two interfaces, eth0 to internet &
> eth1 to LAN
> And this is my squid.conf
>
> http_port 8080 transparent
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl Safe_ports port 631 # cups
> acl Safe_ports port 873 # rsync
> acl Safe_ports port 901 # SWAT
> acl purge method PURGE
> acl CONNECT method CONNECT
> acl apache rep_header Server ^Apache
>
> ## client IP Address
> acl vlan10 src 192.168.10.0/24
> icp_access allow all
> hierarchy_stoplist cgi-bin ?
> cache_mem 64 MB
> maximum_object_size_in_memory 4096 KB
> memory_replacement_policy heap GDSF
> cache_replacement_policy heap LFUDA
> cache_dir ufs /usr/local/squid/var/cache 5000 18 256
> minimum_object_size 0 KB
> maximum_object_size 51200 KB
> cache_swap_low 98
> cache_swap_high 99
> access_log /usr/local/squid/var/logs/access.log squid
> cache_log /dev/null
> cache_store_log /dev/null
> emulate_httpd_log off
> log_ip_on_direct on
> mime_table /usr/local/squid/etc/mime.conf
> log_mime_hdrs off
> pid_filename /usr/local/squid/var/logs/squid.pid
> log_fqdn off
> client_netmask 255.255.255.0
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern (cgi-bin|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
> http_access deny CONNECT !SSL_ports
> http_access deny !Safe_ports
> http_access allow localhost
> http_access allow manager localhost
> http_access allow purge localhost
> http_access allow vlan10
> http_access deny manager
> http_access deny all
> broken_vary_encoding allow apache
> cache_vary on
> cache_effective_user proxy
> cache_mgr wifiproxy2008
> ipcache_size 2048
> ipcache_low 98
> ipcache_high 99
> fqdncache_size 2048
> coredump_dir /usr/local/squid/var/cache
> visible_hostname wifi2008
> cache_effective_group proxy
> always_direct allow all
> store_dir_select_algorithm round-robin
> extension_methods REPORT MERGE MKACTIVITY CHECKOUT
> ##---- end of squid.conf ----
> Squid is running with no errors
>
> and these are my iptables rules for squid transparent
> iptables -t nat -A PREROUTING -i eth0 -s 192.168.10.10
> -p tcp --dport 80 -j ACCEPT
> iptables -t nat -A PREROUTING -i eth1 -s 192.168.10/24
> -p tcp --dport 80 -j REDIRECT --to-port 8080
> iptables -t filter -A FORWARD -i eth1 -s 192.168.10/24
> -p tcp --dport 80 -j REJECT
>
> What is wrong with my squid.conf or iptables rules?
> Why is the transparent proxy not working, & why must
> clients set the proxy in their browser if they want
> to use the proxy?
>
> Thanks
>
> regards
> ason
> Kopeng kid
> Northern slope of Mount Merbabu

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
Received on Sat Feb 09 2008 - 07:16:51 MST
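
An added example, not from either poster: a Python cross-check that the REDIRECT target in the quoted iptables rules is a port that the quoted squid.conf opens with `http_port ... transparent`. It parses command-line style rules only and says nothing about kernel forwarding or routing; the function names are this example's own.

```python
# Constructed sample: the relevant lines quoted in the message above,
# with the e-mail line wraps joined.
SQUID_CONF = "http_port 8080 transparent\n"
RULES = """\
iptables -t nat -A PREROUTING -i eth0 -s 192.168.10.10 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -s 192.168.10/24 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t filter -A FORWARD -i eth1 -s 192.168.10/24 -p tcp --dport 80 -j REJECT
"""

def transparent_ports(squid_conf):
    """Ports of http_port lines carrying the 'transparent' option (Squid 2.6 syntax)."""
    ports = set()
    for line in squid_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "http_port" and "transparent" in fields[2:]:
            ports.add(int(fields[1].rsplit(":", 1)[-1]))  # "port" or "ip:port"
    return ports

def redirect_rules(rules):
    """(in_interface, dport, to_port) for every nat PREROUTING REDIRECT rule."""
    found = []
    for line in rules.splitlines():
        args = line.split()
        opt = {a: args[i + 1] for i, a in enumerate(args[:-1]) if a.startswith("-")}
        if (opt.get("-t"), opt.get("-A"), opt.get("-j")) != ("nat", "PREROUTING", "REDIRECT"):
            continue
        dport = int(opt["--dport"]) if "--dport" in opt else None
        # iptables accepts --to-port as an abbreviation of --to-ports; with
        # neither, REDIRECT keeps the original destination port.
        to = opt.get("--to-ports", opt.get("--to-port"))
        found.append((opt.get("-i"), dport, int(to.split("-")[0]) if to else dport))
    return found

def check(squid_conf, rules):
    """Return a list of mismatches between the two configurations."""
    ports, redirects = transparent_ports(squid_conf), redirect_rules(rules)
    findings = []
    if not ports:
        findings.append("no http_port line has the 'transparent' option")
    if not redirects:
        findings.append("no nat PREROUTING REDIRECT rule found")
    for iface, dport, to_port in redirects:
        if to_port not in ports:
            findings.append(f"REDIRECT on {iface} sends dport {dport} to {to_port}, "
                            f"which is not a transparent http_port {sorted(ports)}")
    return findings
```

An empty result from `check(SQUID_CONF, RULES)` means only that the two files agree on the port.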
