Re: [squid-users] squid 3.1 + tproxy + iptables 1.4.3 -url filter not working

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 09 Mar 2010 02:13:42 +1300

Dong-Yuan Shih wrote:
> 2010/3/8 Henrik Nordstrom <henrik_at_henriknordstrom.net>:
>> Mon 2010-03-08 at 19:56 +0800, Dong-Yuan Shih wrote:
>>> when I start my squid proxy
>>> the traffic is via ppp0 to internet
>>> but url filter rule is not working !!!!!!!!!
>> Is there anything in access.log?
>>
>> Regards
>> Henrik
>>
>>
> there is nothing in access.log

Therefore requests are not arriving at Squid.
Your iptables rules are not working.

> cache log
> 2010/03/08 12:27:44| WARNING: -D command-line option is obsolete.
> 2010/03/08 12:27:44| Warning: empty ACL: acl exempt src

Strangely there is no such ACL in the config you told us you were running...

> 2010/03/08 12:27:44| Starting Squid Cache version 3.1.0.14 for
> i686-pc-linux-gnu...
> 2010/03/08 12:27:44| Process ID 29452
> 2010/03/08 12:27:44| With 1024 file descriptors available
> 2010/03/08 12:27:44| Initializing IP Cache...
> 2010/03/08 12:27:44| DNS Socket created at [::], FD 4
> 2010/03/08 12:27:44| Adding nameserver 168.95.1.1 from /etc/resolv.conf
> 2010/03/08 12:27:44| Unlinkd pipe opened on FD 9
> 2010/03/08 12:27:44| Store logging disabled
> 2010/03/08 12:27:44| Swap maxSize 0 + 262144 KB, estimated 20164 objects
> 2010/03/08 12:27:44| Target number of buckets: 1008
> 2010/03/08 12:27:44| Using 8192 Store buckets
> 2010/03/08 12:27:44| Max Mem size: 262144 KB
> 2010/03/08 12:27:44| Max Swap size: 0 KB
> 2010/03/08 12:27:44| Using Least Load store dir selection
> 2010/03/08 12:27:44| Current Directory is /usr/local/squid
> 2010/03/08 12:27:44| Loaded Icons.
> 2010/03/08 12:27:44| Accepting spoofing HTTP connections at
> 0.0.0.0:3129, FD 10.

TPROXY is up and running as far as Squid can tell.

However, note that 3.1.0.14 does not have the upgrade to warn properly
when libcap2 is missing or not working properly. You will need to
build Squid from the current snapshot to get that. We had a bug that
broke TPROXY for the 3.1.0.16 and 3.1.0.17 release bundles, sorry.

> 2010/03/08 12:27:44| HTCP Disabled.
> 2010/03/08 12:27:44| IcmpSquid.cc(253) Open: Pinger socket opened on FD 12
> 2010/03/08 12:27:44| Squid modules loaded: 0
> 2010/03/08 12:27:44| Ready to serve requests.
> 2010/03/08 12:27:45| storeLateRelease: released 0 objects
>
>
> #http_port 3128 tproxy transparent
> this syntax is not supported

Yes, that is broken syntax above.

> or
> http_port 3128 transparent
> http_port 3129 tproxy

  # Receive DNAT or REDIRECT traffic (for squid 3.1)
http_port 3128 intercept

  # Receive TPROXY traffic
http_port 3129 tproxy

>
> I'm so confused
> everything is fine when i use squid 3.0
> i just modify conf
> add visible_hostname
> and #cache_dir null /tmp
> http_port 3129 tproxy
>
> thanks for any advice

3.0 does not support TPROXY so it will not work, even if it looks fine
and requests happen. Your logs will be garbage and no spoofing will happen.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE24
   Current Beta Squid 3.1.0.17
Received on Mon Mar 08 2010 - 13:13:54 MST
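
The checks made in the reply above (flags on each http_port line, and whether cache.log reports a spoofing listener for the TPROXY port) can be scripted. This is an added example, not part of the original message or of Squid itself; the function names are hypothetical and the sample input is constructed from the lines quoted in the thread.

```python
import re

# Constructed sample input modelled on the lines quoted in the thread.
SAMPLE_CONF = """\
http_port 3128 tproxy transparent
http_port 3128 transparent
http_port 3128 intercept
http_port 3129 tproxy
"""
SAMPLE_CACHE_LOG = """\
2010/03/08 12:27:44| Accepting spoofing HTTP connections at
0.0.0.0:3129, FD 10.
2010/03/08 12:27:44| Ready to serve requests.
"""

def check_http_ports(conf_text):
    """Return (port, flags, verdict) for each active http_port line."""
    results = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(line) < 2 or line[0] != "http_port":
            continue
        port = line[1].rsplit(":", 1)[-1]
        flags = set(line[2:])
        if "tproxy" in flags and flags & {"transparent", "intercept"}:
            verdict = "broken: tproxy and NAT interception on one port"
        elif "transparent" in flags:
            verdict = "use 'intercept' on 3.1 for DNAT/REDIRECT traffic"
        elif "tproxy" in flags:
            verdict = "ok: TPROXY port"
        elif "intercept" in flags:
            verdict = "ok: DNAT/REDIRECT port"
        else:
            verdict = "ok: forward-proxy port"
        results.append((port, sorted(flags), verdict))
    return results

def spoofing_ports(cache_log_text):
    """Ports that cache.log reports as accepting spoofing (TPROXY) connections."""
    joined = re.sub(r"\n(?!\d{4}/\d{2}/\d{2} )", " ", cache_log_text)  # undo mail wrapping
    return re.findall(r"Accepting spoofing HTTP connections at \S+?:(\d+)", joined)

def tproxy_mismatch(conf_text, cache_log_text):
    """TPROXY ports that are configured but not reported as listening in cache.log."""
    configured = {p for p, f, _ in check_http_ports(conf_text) if "tproxy" in f}
    return sorted(configured - set(spoofing_ports(cache_log_text)))

if __name__ == "__main__":
    for row in check_http_ports(SAMPLE_CONF):
        print(row)
    print("TPROXY ports not listening:", tproxy_mismatch(SAMPLE_CONF, SAMPLE_CACHE_LOG))
```

A clean result here only shows that Squid is listening; an empty access.log still means the iptables rules are not delivering traffic to that port.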
