RE: [squid-users] Transparent Proxy not working in 3.0 STable1

From: WRIGHT Alan <alan.wright@dont-contact.us>
Date: Wed, 20 Feb 2008 18:06:57 +0100

Totally correct Amos

I rebuilt with netfilter only and works great, thanks

Alan

-----Original Message-----
From: Amos Jeffries [mailto:squid3@treenet.co.nz]
Sent: 14 February 2008 22:04
To: WRIGHT Alan
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Transparent Proxy not working in 3.0 STable1

> Hi Folks,
>
> I have installed squid 3.0 stable 1 and have configured it for
> transparent mode.
>
> Somehow it doesn't seem to work correctly.
>
> When it runs, it shows that it is running in transparent mode, but then
> when HTTP requests hit the box it gives the WARNING: Transparent
> proxying not supported. The web browser shows an error page but from the
> squid itself (Error: HTTP 400 Bad Request - Invalid URL.....).
>
> When I configured the build, I used the tproxy and the netfilter options
> for transparent proxying as I wasn't sure what one I needed.

At present only one transparency option will work and build. The tproxy
configure option is for kernels patched with the TPROXY patch from
Balabit. The netfilter option is for standard kernels using iptables NAT
REDIRECT.

You will need to pick the one that applies to you and re-build squid.

>
> Does anyone have a clue why it will not run in transparent mode?
>
> I am pretty sure my iptables is OK

It probably is, but when configured with multiple transparency
options squid prefers the more transparent option (TPROXY is the only
completely transparent one).

It sounds like you need to drop the tproxy.

Amos

>
> Here is what the trace shows:
>
> No. Time Source Destination Protocol Info
> 20 12.102354 192.168.26.128 192.168.130.250 HTTP GET / HTTP/1.1
>
> Frame 20 (493 bytes on wire, 493 bytes captured)
> Ethernet II, Src: 00:0c:29:e8:3d:07, Dst: 00:0c:29:01:ce:bc
> Internet Protocol, Src Addr: 192.168.26.128 (192.168.26.128), Dst Addr: 192.168.130.250 (192.168.130.250)
> Transmission Control Protocol, Src Port: 44418 (44418), Dst Port: http (80), Seq: 1, Ack: 1, Len: 427
> Hypertext Transfer Protocol
> GET / HTTP/1.1\r\n
> Host: 192.168.130.250\r\n
> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060313 Fedora/1.5.0.1-9 Firefox/1.5.0.1 pango-text\r\n
> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\n
> Accept-Language: en-us,en;q=0.5\r\n
> Accept-Encoding: gzip,deflate\r\n
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n
> Keep-Alive: 300\r\n
> Connection: keep-alive\r\n
> \r\n
>
> No. Time Source Destination Protocol Info
> 22 12.157274 192.168.130.250 192.168.26.128 HTTP HTTP/1.0 400 Bad Request (text/html)[Short Frame]
>
> Frame 22 (1514 bytes on wire, 500 bytes captured)
> Ethernet II, Src: 00:0c:29:01:ce:bc, Dst: 00:0c:29:e8:3d:07
> Internet Protocol, Src Addr: 192.168.130.250 (192.168.130.250), Dst Addr: 192.168.26.128 (192.168.26.128)
> Transmission Control Protocol, Src Port: http (80), Dst Port: 44418 (44418), Seq: 1, Ack: 428, Len: 1448
> Hypertext Transfer Protocol
> HTTP/1.0 400 Bad Request\r\n
> Server: squid/3.0.STABLE1\r\n
> Mime-Version: 1.0\r\n
> Date: Thu, 14 Feb 2008 04:44:37 GMT\r\n
> Content-Type: text/html\r\n
> Content-Length: 1447\r\n
> Expires: Thu, 14 Feb 2008 04:44:37 GMT\r\n
> X-Squid-Error: ERR_INVALID_URL 0\r\n
> X-Cache: MISS from localhost.localdomain\r\n
> Via: 1.0 localhost.localdomain (squid/3.0.STABLE1)\r\n
> Proxy-Connection: close\r\n
> \r\n
>
> TIA
>
> Alan
>
Received on Wed Feb 20 2008 - 10:07:53 MST
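
The build conflict resolved in this thread can be checked before deployment. The script below is an added example, not part of the original messages or of Squid itself. It assumes `squid -v` prints a "configure options:" line and that the two options discussed are Squid's `--enable-linux-tproxy` and `--enable-linux-netfilter` configure flags (the thread does not spell the flags out); the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: flag a Squid build that enables both interception back-ends.
# Reads `squid -v` output on stdin.
# Exit status: 0 = exactly one back-end, 1 = both (the case in this thread),
# 2 = neither.
check_transparency() {
    # Keep only the configure line so other text cannot cause a match.
    opts=$(sed -n 's/^configure options://p')
    tproxy=0
    netfilter=0
    case "$opts" in *--enable-linux-tproxy*) tproxy=1 ;; esac
    case "$opts" in *--enable-linux-netfilter*) netfilter=1 ;; esac

    if [ "$tproxy" -eq 1 ] && [ "$netfilter" -eq 1 ]; then
        echo "CONFLICT: tproxy and netfilter both enabled; rebuild with one"
        return 1
    elif [ "$tproxy" -eq 1 ]; then
        echo "OK: tproxy only (needs a TPROXY-patched kernel)"
    elif [ "$netfilter" -eq 1 ]; then
        echo "OK: netfilter only (standard kernel, iptables NAT REDIRECT)"
    else
        echo "NONE: no Linux interception option in this build"
        return 2
    fi
}

# Constructed samples of `squid -v` output (not taken from the thread).
SAMPLE_BOTH="Squid Cache: Version 3.0.STABLE1
configure options: '--enable-linux-tproxy' '--enable-linux-netfilter'"
SAMPLE_NAT="Squid Cache: Version 3.0.STABLE1
configure options: '--enable-linux-netfilter'"

for sample in "$SAMPLE_BOTH" "$SAMPLE_NAT"; do
    printf '%s\n' "$sample" | check_transparency || true
done
# On a real host: squid -v | check_transparency
```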

This archive was generated by hypermail pre-2.1.9 : Sat Mar 01 2008 - 12:00:05 MST