Re: [squid-users] Re: How to make Squid 3.3.8 a transparent proxy?

> Mojn, mojn :-)

Gruezi babajaga,

thank you for your hints!

> You only allow access to your squid from "localhost".
> So
> http_access allow all
> would fix it.

here my current squid.conf:
-----%<-----
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# http_access deny !Safe_ports
# http_access deny CONNECT !SSL_ports
# http_access allow localhost manager
# http_access deny manager
# http_access allow localhost
# http_access deny all
http_access allow all
http_port 3128 intercept
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
-----%<-----

It still does not work. I also read that using
-----%<-----
http_port 3128 transparent
-----%<-----
is deprecated. Thus I tried:
-----%<-----
http_port 3128 intercept
-----%<-----
But it does not work either.

Here what /var/log/squid3/access.log tells when I try to access a website:
-----%<-----
1397848529.466 1029 127.0.0.1 TCP_MISS/503 4320 GET
http://www.design-to-use.de/index.php? - HIER_DIRECT/127.0.0.1 text/html
1397848530.502 999 127.0.0.1 TCP_MISS/503 4099 GET
http://www.squid-cache.org/Artwork/SN.png - HIER_DIRECT/127.0.0.1 text/html
-----%<-----

Do you have any other ideas?

> I do not see any connection to DG in your config ... Most likely, DG should
> be upstream proxy to squid,
> so the chain of proxies might be like this:
> client ---- squid(transparent) ----DG ----web

Here is my use case:
browser --- dansguardian (port 8080) --- squid (port 3128) --- web
Everything is on the same laptop. There are no connects from local networks.

That is how it works with squid 3.1.20

> Then you need something like
> cache_peer 127.0.0.1 parent DG-port 0 no-query no-digest no-netdb-exchange
> in your squid.conf

Is this needed for my scenario, too?

Thanks for your answer and time! Any idea is welcome for my last squid
configuration was two years ago and I am less than up to date.

Greetings,

Tobias
Received on Fri Apr 18 2014 - 19:20:06 MDT