Re: [squid-users] fedora12_tproxy

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 30 Jun 2013 14:28:45 +1200

On 30/06/2013 7:54 a.m., z fazli wrote:
> my squid version is 3.3.2 and made a mistake when described
>
> about this part
>
> "localhost.localdomain" is in no way a unique name for your proxy.
>
> what is the problem? how can I solve it? I followed steps from squid
> site and can not understand what is going wrong. can you help more?

When you type "hostname" on the command line of that server what shows up?
It should be a unique name for your server. In Linux it is configured in
/etc/hostname, if you use a GUI to configure it may be somewhere else.
That name needs to be registered in DNS and pointing at the machine's IP
address(es), the IPs in turn need to be pointing at that hostname. Squid
will check these records when starting.

You can avoid the DNS setup by using the visible_hostname directive in
squid.conf. But note that on any Internet connected machine there is a
lot of software which may require the hostname to be set up in order to
work correctly.

If the forwarding loop errors remain after you have made your squid
hostname unique you will need to double-check:
  1) how you are testing it... you MUST test it by being a client which
is intercepted. Send your requests to port 80, *do not* send requests
directly to the Squid listening port.
  2) the packet routing and TPROXY rules .... ensure that only traffic
*from* the clients or *from* the Internet is being intercepted. Packets
leaving Squid in either direction MUST NOT be intercepted back into your
Squid.

Amos

> On 6/28/13, Amos Jeffries wrote:
>> On 29/06/2013 3:36 a.m., z fazli wrote:
>>> hi
>>>
>>> I have fedora 12 that upgraded its kernel to 2.6.37, and iptables
>>> 1.4.19, I installed squid 3.2.2 in tproxy mode on it using steps from
>>> this link
>>>
>>> http://wiki.squid-cache.org/Features/Tproxy4#Feature:_TPROXY_version_4.1.2B-_Support
>>>
>>> everything seems ok but when I run squid and insert url in browser get
>>> this message
>>>
>>>
>>> ERROR
>>> The requested URL could not be retrieved
>>>
>>> The following error was encountered while trying to retrieve the URL:
>>> http://google.com/
>>>
>>> Access Denied.
>>>
>>> Access control configuration prevents your request from being allowed
>>> at this time. Please contact your service provider if you feel this is
>>> incorrect.
>>>
>>> Your cache administrator is webmaster.
>>>
>>> Generated Tue, 25 Jun 2013 12:34:53 GMT by localhost.localdomain
>>> (squid/3.3.2)
>> You say you installed 3.2.2 but some Squid-3.3.2 is responding to you.
>> Are you sure this is a message from your Squid?
>>
>>> and in terminal this message :
>>>
>>> 2013/06/26 14:55:35| WARNING: Forwarding loop detected for:
>>> POST
>>> /safebrowsing/downloads?client=navclient-auto-ffox&appver=3.5.4&pver=2.2&wrkey=AKEgNivruGNaM449DFDdRiYv81wyGtp5gMSMU4fMMS_g2YKGXmFhYZxbsymSyj14q22Xr7_cCx0nRwFKaCNyKKvMEev0WhcpRg==
>>> HTTP/1.1
>>> Host: safebrowsing.clients.google.com
>>> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.4)
>>> Gecko/20091027 Fedora/3.5.4-1.fc12 Firefox/3.5.4
>>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>>> Accept-Language: en-us,en;q=0.5
>>> Accept-Encoding: gzip,deflate
>>> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>>> Content-Length: 110
>>> Content-Type: text/plain
>>> Cookie:
>>> PREF=ID=1b085458083db40f:U=8d54b4985abb086f:FF=0:TM=1371881983:LM=1371882262:S=gjQlM4Sqrueu3KHq;
>>> NID=67=YXYmGeg68fPjuU2-QOne46eStjqotGcE0AZTiWmbRXT2klqJYDLayVduleh1HnEFN-CyfZSTsgJABBKwm3dAP3Cvxi8_yZRnIE5zQSYScyHMc03Tz-37Mu8vur3WU4yH
>>> Via: 1.1 localhost.localdomain (squid/3.3.2)
>>> X-Forwarded-For: 10.1.110.83
>>> Cache-Control: max-age=0
>>> Connection: keep-alive
>> <snip>
>>> also this in my squid access log
>>>
>>> 1372164328.471 0 10.1.110.83 TCP_MISS/403 4642 POST
>>> http://safebrowsing.clients.google.com/safebrowsing/downloads? -
>>> HIER_NONE/- text/html
>>> 1372164328.471 3 10.1.110.83 TCP_MISS/403 4725 POST
>>> http://safebrowsing.clients.google.com/safebrowsing/downloads? -
>>> HIER_DIRECT/10.1.110.83 text/html
>> <snip>
>>> what is the problem?
>> The DNS records for "safebrowsing.clients.google.com" (aka DIRECT) tell
>> Squid that safebrowsing.clients.google.com is located at 10.1.110.83 ...
>>
>> ... take a guess.
>>
>> Secondly. The whole purpose of having a hostname assigned to each
>> machine is to allow automated systems like forwarding loop detection to
>> determine the difference between any two hosts on the *entire* Internet.
>> Combining the host name with the site domain name produces a FQDN which
>> is unique. "localhost.localdomain" is in no way a unique name for your
>> proxy.
>>
>> Amos
>>
Received on Sun Jun 30 2013 - 02:28:51 MDT
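
An added diagnostic sketch, not part of the original thread and not Squid's own code: it checks the three symptoms discussed above (a non-unique proxy hostname, the proxy's own name already present in the Via header, and an access.log entry whose HIER_DIRECT peer is the client's own address). The function names and the constructed "healthy" log line are assumptions; the other sample values are taken from the thread with line wraps rejoined.

```python
# Names that cannot distinguish one proxy from another.
NON_UNIQUE = {"localhost", "localhost.localdomain"}

def parse_access_line(line):
    """Pick the needed fields out of one native-format access.log line."""
    f = line.split()
    if len(f) < 10:
        return None
    hier, _, peer = f[8].partition("/")
    return {"client": f[2], "status": f[3], "url": f[6], "hier": hier, "peer": peer}

def looped_entries(lines):
    """Entries where Squid went DIRECT to the very client that sent the request."""
    parsed = (parse_access_line(l) for l in lines)
    return [e for e in parsed
            if e and e["hier"] == "HIER_DIRECT" and e["peer"] == e["client"]]

def via_hosts(via_value):
    """Received-by names from a Via header (simplified: no commas in comments)."""
    hosts = []
    for hop in via_value.split(","):
        parts = hop.split()
        if len(parts) >= 2:
            hosts.append(parts[1].lower())
    return hosts

def diagnose(my_hostname, via_value, log_lines):
    findings = []
    name = my_hostname.lower()
    if name in NON_UNIQUE:
        findings.append("hostname-not-unique")
    if name in via_hosts(via_value):
        findings.append("own-name-in-via")      # request already passed through us
    if looped_entries(log_lines):
        findings.append("peer-equals-client")   # traffic routed back at the client IP
    return findings

SAMPLE_VIA = "1.1 localhost.localdomain (squid/3.3.2)"
SAMPLE_LOG = [
    "1372164328.471      0 10.1.110.83 TCP_MISS/403 4642 POST "
    "http://safebrowsing.clients.google.com/safebrowsing/downloads? - HIER_NONE/- text/html",
    "1372164328.471      3 10.1.110.83 TCP_MISS/403 4725 POST "
    "http://safebrowsing.clients.google.com/safebrowsing/downloads? - HIER_DIRECT/10.1.110.83 text/html",
    # Constructed healthy entry (documentation address as the origin server).
    "1372164400.120     85 10.1.110.83 TCP_MISS/200 5120 GET http://example.com/ - HIER_DIRECT/192.0.2.10 text/html",
]

if __name__ == "__main__":
    print(diagnose("localhost.localdomain", SAMPLE_VIA, SAMPLE_LOG))
```
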

This archive was generated by hypermail 2.2.0 : Sun Jun 30 2013 - 12:00:08 MDT