Re: [squid-users] Frustrating "Invalid Request" Reply

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 25 Feb 2011 23:54:11 +1300

On 25/02/11 22:53, Ümit Kablan wrote:
> Hi,
>
> 2011/2/24 Amos Jeffries<squid3_at_treenet.co.nz>:
>>
>> Please keep the replies on the mailing list for others to benefit from.
>> I charge for private assistance.
>
> Sorry I failed to send reply to all :-(
>
>>
>> On Wed, 23 Feb 2011 12:32:56 +0200, Ümit Kablan wrote:
>>>
>>>
>>> 2011/2/22 Amos Jeffries :
>>>>
>>>> On Tue, 22 Feb 2011 17:24:39 +0200, Ümit Kablan wrote:
>>>>>
>>>>> 2011/2/21 Amos Jeffries wrote:
>>>>>>
>>>>>> On Mon, 21 Feb 2011 16:19:53 +0200, Ümit Kablan wrote:
>>>>>>>
>>>>>>> -------
>>>>>>> GET /search?hl=tr&source=hp&biw=1276&bih=823&q=eee+ktu&aq=0&aqi=g10&aql=&oq=eee&fp=64d53dfd7a69225a&tch=3&ech=1&psi=6UBOTbHmCtah_Aa2haXRDw12969740590425&wrapid=tlif129697480915821&safe=active HTTP/1.1
>>>>>>
>>>>>> Note the missing http://domain details in the URL. This is not a
>>>>>> browser->proxy HTTP request. It is a browser->origin request.
>>>>>>
>>>>>> IIRC interception of this type of request does not work in Windows,
>>>>>> since the kernel NAT details are not available without proprietary
>>>>>> third-party network drivers. Look at WPAD configuration of the localnet
>>>>>> browsers instead, that way they will send browser->proxy requests nicely.
>>>>>
>>>>> Exactly! The working requests are all starting with http://domain/ as
>>>>> you mentioned. (I must say I couldn't capture loopback network packets
>>>>> ...
>>>>
>>>> Squid needs to be configured via the http_port to know what mode/type of
>>>> traffic it is going to receive. The browsers need to be sending the right
>>>> type as well.
>>>
>>> I have
>>> -----
>>> http_port 3128
>>> -----
>>> in my configuration. Do I miss something?
>>
>> Yes. But you keep omitting the details of *how* browsers are getting to
>> squid, so we can't tell if you are attempting to run a transparent proxy or
>> a reverse proxy. Two very different configurations both in Squid and in the
>> network underneath.
>>
>> Please confirm your network layout and traffic flows including software
>> which is involved on each related machine.
>>
>
> My network has 20+ machines all connecting to internet individually
> through ONE adsl modem in my network (those are connected to each
> other with a switch). My browsers are configured to use the squid
> proxy explicitly (so I think it has nothing to do with transparency)
>

Okay. Then it is VERY weird that they would be behaving as if the proxy
were an origin server and not a proxy. None of the major browsers or
thousands of other agents out there display that type of confusion.

>>
>> You say this Squid is on Windows where interception type of transparent
>> proxy is not possible for free, but keep mentioning the public website
>> google as working.
>
> Actually I was trying to stress on the weird problem I encountered to
> help shed some light on the problem.
>
>>
>> I suspect you are trying to perform NAT interception on a separate box to
>> Squid. Which is highly dangerous.
>>
>
> I think NAT inspection you mentioned is not executed on the XP machine
> where squid is running, yes. But I am not sharing my internet
> connection through that windows machine. I just want clients (those
> browsers configured to use proxy) use the internal proxy.

If the NAT anywhere is forwarding packets to Squid it would display like
this inside Squid.

Check for NAT (sometimes called port forwarding) rules on that box
mentioning the Squid box. Remove any found.

As an experiment you can also add a full firewall block of HTTP traffic
coming out of the network from anywhere except the Squid box. If the
browsers are correctly configured and going
browser->squid->firewall->Internet then the client will not even notice
the firewall block.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.11
   Beta testers wanted for 3.2.0.5
Received on Fri Feb 25 2011 - 10:54:15 MST
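
The browser->proxy versus browser->origin distinction discussed in this thread can be checked mechanically from captured request lines. The following Python sketch is an added example, not part of the original thread and not Squid code; the function names and the sample request lines are constructed for illustration.

```python
from urllib.parse import urlsplit

def target_form(request_line):
    """Classify the request-target of an HTTP/1.x request line.

    Returns 'absolute' (browser->proxy), 'origin' (browser->origin),
    'authority' (CONNECT host:port), 'asterisk' (OPTIONS *) or 'invalid'.
    """
    parts = request_line.strip().split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return "invalid"
    method, target, _version = parts
    if method == "CONNECT":
        host, sep, port = target.rpartition(":")
        return "authority" if sep and host and port.isdigit() else "invalid"
    if target == "*":
        return "asterisk" if method == "OPTIONS" else "invalid"
    if target.startswith("/"):
        # No scheme and no host: the client believes it is talking to the
        # web server itself, as in the failing request quoted in the thread.
        return "origin"
    url = urlsplit(target)
    return "absolute" if url.scheme and url.netloc else "invalid"

def redirected_requests(request_lines):
    """Return the lines that reached the proxy port in origin-form.

    On a port meant for explicitly configured browsers these point to NAT or
    port-forwarding rules sending traffic to the proxy, or to a client that
    is not really using its proxy setting.
    """
    return [line for line in request_lines if target_form(line) == "origin"]

# Constructed sample request lines (not taken from a real capture).
SAMPLE_LINES = [
    "GET http://www.example.com/search?q=eee+ktu HTTP/1.1",
    "GET /search?hl=tr&q=eee+ktu&safe=active HTTP/1.1",
    "CONNECT www.example.com:443 HTTP/1.1",
    "OPTIONS * HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(f"{target_form(line):10} {line}")
    print("origin-form on proxy port:", redirected_requests(SAMPLE_LINES))
```

Running it against request lines pulled from a packet capture or a proxy debug log shows quickly whether any client traffic arrives without the http://domain prefix.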
