[squid-users] squid 3.0 transparent problem

From: donovan jeffrey j <donovan_at_beth.k12.pa.us>
Date: Mon, 27 Jul 2009 22:14:46 -0400

Greetings,

I'm setting up a new squid box running 3.0 stable 16 in transparent
mode.

The problem is, no call ever gets to squid unless I configure the
client to look at "squidip" port 3128. Browser fails to connect. If
I tell the system to use proxy at squidip 3128, it works fine.

I have made the new transparent changes to my config, and I have
redirected traffic destined for port 80 to squid.
Here is my simplified config.

#l

acl manager proto cache_object
acl localhost src 127.0.0.1/32

acl localnet src 192.168.1.100 255.255.255.255
#
http_access allow manager localhost
http_access deny manager
http_access allow localnet

# And finally deny all other access to this proxy
http_access allow all

# NETWORK OPTIONS
# -----------------------------------------------------------------------------

#http_port 3128
http_port 10.0.2.3:3128 transparent

#Default:
# cache_mem 8 MB
cache_mem 128 MB

#Default:
# maximum_object_size_in_memory 8 KB
maximum_object_size_in_memory 80 KB

ipcache_size 1024
cache_dir ufs /usr/local/squid/var/cache 2048 16 256
maximum_object_size 40 MB

access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log

#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320

cache_effective_user squid
cache_effective_group wheel
visible_hostname hook2

-----
#ipfw redirect
here you can see the redirect going to the port from the client
hook2:~ root# ipfw show
00001 0 0 allow udp from any 626 to any dst-port 626
00500 0 0 fwd 127.0.0.1,3128 tcp from 10.135.1.100 to any dst-port 80 in recv en1
65535 559 359882 allow ip from any to any
hook2:~ root# ipfw show
00001 0 0 allow udp from any 626 to any dst-port 626
00500 1 64 fwd 127.0.0.1,3128 tcp from 192.168.1.100 to any dst-port 80 in recv en1
65535 3530 2143506 allow ip from any to any

The client is OSX 10.5.6 Leopard. Browser cannot connect.
Any ideas? My previous setup used these transparent options:
http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

tia
-jeff
Received on Tue Jul 28 2009 - 02:14:50 MDT
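
An added example, not part of the original post or of Squid: a small Python check, run over lines copied from the config and `ipfw show` output above, that compares each ipfw `fwd` target with the addresses the `http_port` directives bind and flags a final `http_access allow all`. The function names are hypothetical, and it assumes IPv4 addresses only.

```python
import ipaddress
import re

# Sample input: lines copied from the config and ipfw output in the post above.
SQUID_CONF = """\
http_access allow localnet
http_access allow all
http_port 10.0.2.3:3128 transparent
"""
IPFW_SHOW = """\
00500 1 64 fwd 127.0.0.1,3128 tcp from 192.168.1.100 to any dst-port 80 in recv en1
65535 3530 2143506 allow ip from any to any
"""

def squid_listeners(conf):
    """Return [(ip, or None for wildcard, port, is_intercepting)] from http_port lines."""
    out = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 2 and tok[0] == "http_port":
            host, _, port = tok[1].rpartition(":")
            ip = ipaddress.ip_address(host) if host else None
            out.append((ip, int(port), bool({"transparent", "intercept"} & set(tok[2:]))))
    return out

def fwd_targets(ipfw):
    """Return [(ip, port)] for every 'fwd ip,port' rule in `ipfw show` output."""
    return [(ipaddress.ip_address(ip), int(port))
            for ip, port in re.findall(r"\bfwd\s+([\d.]+),(\d+)", ipfw)]

def audit(conf, ipfw):
    findings = []
    listeners = squid_listeners(conf)
    for ip, port in fwd_targets(ipfw):
        hit = [l for l in listeners if l[1] == port and l[0] in (None, ip)]
        if not hit:
            findings.append(f"fwd {ip},{port}: no http_port listens on that address")
        elif not any(l[2] for l in hit):
            findings.append(f"fwd {ip},{port}: http_port lacks transparent/intercept")
    # A final 'allow all' lets through every request not denied by an earlier rule.
    rules = [l.split("#", 1)[0].split() for l in conf.splitlines()]
    rules = [r for r in rules if r[:1] == ["http_access"]]
    if rules and rules[-1][1:] == ["allow", "all"]:
        findings.append("last http_access rule is 'allow all': proxy is open to any client")
    return findings

if __name__ == "__main__":
    for finding in audit(SQUID_CONF, IPFW_SHOW):
        print(finding)
```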
