Re: [squid-users] squid 3.0 transparent problem

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 28 Jul 2009 14:37:11 +1200

On Mon, 27 Jul 2009 22:14:46 -0400, donovan jeffrey j
<donovan_at_beth.k12.pa.us> wrote:
> greetings
>
> I'm setting up a new squid box running 3.0 stable 16 in transparent
> mode.
>
> the problem is, no call ever gets to squid, unless I configure the
> client to look at " squidip " port 3128. Browser fails to connect. If
> I tell the system to use proxy at squidip 3128, it works fine.
>
> I have made the new transparent changes to my config. and I have
> redirected destined for port 80 to squid.
> here is my simplified config.
>
> #l
>
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
>
> acl localnet src 192.168.1.100 255.255.255.255
> #
> http_access allow manager localhost
> http_access deny manager
> http_access allow localnet
>
> # And finally deny all other access to this proxy
> http_access allow all
>
> # NETWORK OPTIONS
> #
>
> -----------------------------------------------------------------------------
>
> #http_port 3128
> http_port 10.0.2.3:3128 transparent
>
> #Default:
> # cache_mem 8 MB
> cache_mem 128 MB
>
> #Default:
> # maximum_object_size_in_memory 8 KB
> maximum_object_size_in_memory 80 KB
>
> ipcache_size 1024
> cache_dir ufs /usr/local/squid/var/cache 2048 16 256
> maximum_object_size 40 MB
>
> access_log /usr/local/squid/var/logs/access.log
> cache_log /usr/local/squid/var/logs/cache.log
> cache_store_log /usr/local/squid/var/logs/store.log
>
> #Suggested default:
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern (cgi-bin|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
>
> cache_effective_user squid
> cache_effective_group wheel
> visible_hostname hook2
>
> -----
> #ipfw redirect
> here you can see the redirect going to the port from the client
> hook2:~ root# ipfw show
> 00001 0 0 allow udp from any 626 to any dst-port 626
> 00500 0 0 fwd 127.0.0.1,3128 tcp from 10.135.1.100 to any dst-port 80 in recv en1
> 65535 559 359882 allow ip from any to any
> hook2:~ root# ipfw show
> 00001 0 0 allow udp from any 626 to any dst-port 626
> 00500 1 64 fwd 127.0.0.1,3128 tcp from 192.168.1.100 to any dst-port 80 in recv en1
> 65535 3530 2143506 allow ip from any to any
>
> the client is OSX 10.5.6 leopard. browser cannot connect.
> any ideas ?

Your firewall says it's sending packets to 127.0.0.1,3128

Your new squid.conf says interception is happening on 10.0.2.3:3128

If you removed the IP or changed it to 127.0.0.1:3128 in squid.conf it
would work.

Amos
Received on Tue Jul 28 2009 - 02:37:21 MDT
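
The mismatch described in the reply above can be checked mechanically. The following Python check is an added example, not part of the original thread or of Squid: it compares each ipfw `fwd` target with the `http_port` lines marked `transparent` (or `intercept`, the name later Squid releases use for the same option). The sample inputs are constructed from the values in the post, the function names are hypothetical, and only IPv4 `ip:port` listeners are assumed.

```python
import re

# Constructed sample inputs, modelled on the squid.conf and ipfw output in the post.
SQUID_CONF = """\
#http_port 3128
http_port 10.0.2.3:3128 transparent
"""
IPFW_SHOW = """\
00001    0       0 allow udp from any 626 to any dst-port 626
00500    1      64 fwd 127.0.0.1,3128 tcp from 192.168.1.100 to any dst-port 80 in recv en1
65535 3530 2143506 allow ip from any to any
"""


def intercept_listeners(conf):
    """Return (ip or None, port) for every http_port flagged for interception."""
    found = []
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 3 or fields[0] != "http_port":
            continue
        if not {"transparent", "intercept"} & set(fields[2:]):
            continue  # a plain forward-proxy port does not accept intercepted traffic
        host, _, port = fields[1].rpartition(":")
        found.append((host or None, int(port)))  # None means "all addresses"
    return found


def fwd_targets(ipfw_output):
    """Return (ip, port) for every ipfw 'fwd ip,port' rule."""
    return [(m.group(1), int(m.group(2)))
            for m in re.finditer(r"\bfwd\s+([0-9.]+),(\d+)\b", ipfw_output)]


def unmatched_redirects(conf, ipfw_output):
    """List fwd targets that no intercepting http_port is bound to receive."""
    listeners = intercept_listeners(conf)
    problems = []
    for ip, port in fwd_targets(ipfw_output):
        ok = any(lport == port and lhost in (None, "0.0.0.0", ip)
                 for lhost, lport in listeners)
        if not ok:
            problems.append((ip, port))
    return problems


if __name__ == "__main__":
    for ip, port in unmatched_redirects(SQUID_CONF, IPFW_SHOW):
        print(f"ipfw forwards to {ip}:{port}, but no intercepting http_port listens there")
```

Run against the posted configuration it reports 127.0.0.1:3128; with `http_port 3128 transparent` or `http_port 127.0.0.1:3128 transparent` it reports nothing.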
