Re: [squid-users] Interception caching problems

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 4 Sep 2008 15:32:46 +1200 (NZST)

> I'm serving in Iraq, where bandwidth is low and DNS servers are thousands
> of miles away. squid is a great solution for my unit.
>
> I set up squid-3.0-STABLE8 behind SNAT to do interception caching with the
> standard:
>
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
>
> and http_port 3128 transparent
>
> but squid does not intercept the packets. Setting the proxy in the
> browsers (IE7 and Firefox3) results in squid caching as expected. After
> many agonizing days of trying to determine why I was not getting hits when
> leaving the browsers un-configured, I finally had everyone set their proxy
> settings to the server and port 3128 (dhcpd takes care of pointing them at
> the right subnet and gateway). The issues I now face are that other apps
> don't run right, particularly for the Mac guys (can't have separate
> settings in browser and other network apps). I need to run this
> transparently if at all possible.
>
> Am I missing something with the newest browsers? tcpdump did report that
> IE7 was sending packets to port 137. Is Firefox also sending to
> non-standard ports? I even tried DNAT'ing everything from eth1 to port
> 3128 as a test, but no hits. Do I have squid listen on all possible tcp
> ports used by both browsers? Is iptables 1.4.1 buggy (doubtful)? Do I
> re-route all possible tcp ports to 3128? If so, does anyone know what all
> of the ports used by these two browsers are? Are the browsers sending out
> "Don't intercept me" headers when in default setup and "Intercept me"
> headers when configured for proxy? I'm at a loss.
>
> squid is doing a fantastic job of keeping a lot of traffic local, but I
> fear I will have to cease using it in order to keep everything else
> working if I can't solve this. IM and VC apps top the list down here since
> everyone tries to stay in touch with home, so I have to keep them working.
>
> Thanks so much for any help,
> Jason
>

A couple of Qs.

 - is your squid built with --enable-linux-netfilter ?

 - is squid running on the NAT box?

 - are the requests just dying, or being served okay as TCP_MISS?

 - what's the rest of your config say?

To keep explicit config (it is better anyway). Windows people are screwed
(way to go MS).
For the non-Windows users there is a global environment variable in most
OS which applications usually use for proxy settings:

  http_proxy="http://fubar.example.org:3128/"

or a control panel somewhere in the OS for 'proxy settings' which sets it
properly for the whole machine. Not in the browser-only settings.

Amos
Received on Thu Sep 04 2008 - 03:32:48 MDT
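
The diagnostic questions in the reply above can be turned into repeatable checks. The following is an added example, not part of either message or of the Squid project; the function names are hypothetical and the sample inputs are constructed, standing in for the output of `squid -v` and `iptables-save -t nat` and for the contents of squid.conf and access.log.

```shell
#!/bin/sh
# Constructed sample inputs; on a live box capture them with `squid -v`,
# `iptables-save -t nat`, and from squid.conf and access.log.
SQUID_V='Squid Cache: Version 3.0.STABLE8
configure options: --prefix=/usr --enable-linux-netfilter'
SQUID_CONF='http_port 3128 transparent'
NAT_RULES='-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128'
ACCESS_LOG='1220499166.123 210 192.168.1.20 TCP_MISS/200 5120 GET http://example.org/ - DIRECT/192.0.2.10 text/html
1220499170.456 3 192.168.1.21 TCP_HIT/200 5120 GET http://example.org/ - NONE/- text/html'

# Q1: was squid built with --enable-linux-netfilter? ($1: `squid -v` output)
has_netfilter() {
    printf '%s\n' "$1" | grep -q -- '--enable-linux-netfilter'
}

# Port of the first http_port line carrying "transparent" ($1: squid.conf text)
intercept_port() {
    printf '%s\n' "$1" | awk '$1 == "http_port" && / transparent/ {
        n = split($2, a, ":"); print a[n]; exit }'
}

# Q2: REDIRECT delivers to the local machine, so the rule must live on the box
# that runs squid and point at its intercept port ($1: iptables-save text, $2: port)
has_redirect() {
    printf '%s\n' "$1" | grep -E -- '-A PREROUTING .*--dport 80 .*-j REDIRECT' |
        grep -Eq -- "--to-ports? $2( |\$)"
}

# Q3: requests per squid result code; field 4 of access.log is CODE/status.
# No lines at all for unconfigured clients means the packets never reached squid.
result_counts() {
    printf '%s\n' "$1" | awk 'NF >= 4 { split($4, c, "/"); n[c[1]]++ }
        END { for (k in n) print k, n[k] }' | sort
}

# Run all checks against the sample inputs and print a short report.
diagnose() {
    port=$(intercept_port "$SQUID_CONF")
    has_netfilter "$SQUID_V" && echo "netfilter support: yes" || echo "netfilter support: NO"
    [ -n "$port" ] && echo "intercept port: $port" || echo "intercept port: none configured"
    has_redirect "$NAT_RULES" "$port" && echo "REDIRECT rule: yes" || echo "REDIRECT rule: NO"
    result_counts "$ACCESS_LOG"
}
diagnose
```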
