First of all, I am not sure if this is a squid problem, but it is where the errors are, so I will start here. I have an fc3 box with squid 2.5.11, dg 2.8.0, and shorewall 2.4.2. I have routing and everything working great with an external interface (eth0), dmz (eth1), and 2 internal lans (eth3,4).

Here is my problem. I am trying to make this a transparent proxy. I am going to take dans out of the loop and do all testing direct to 3128. My shorewall rule is

REDIRECT Ol:10.20.0.19 3128 tcp www - !10.10.1.2

I am only forwarding 1 machine for testing. If I set my browser to directly connect to the proxy, everything outside the firewall works great, but the server on my dmz gets a (111) connection refused error. If I use shorewall to direct my machine, the server on my dmz works fine, but I get this error when I try and access anything outside my box.

The requested URL could not be retrieved

While trying to retrieve the URL: http://yahoo.com/

The following error was encountered:

Unable to determine IP address from host name for yahoo.com

The dnsserver returned:

Name Error: The domain name does not exist.

This means that:

The cache was not able to resolve the hostname presented in the URL.
Check if the address is correct.

Your cache administrator is root.

I have googled this thing to death for the last 2 weeks, tried various lug groups, and I am not making any ground. The only difference I see in the squid access log is the none and direct with an ip address.

TCP_MISS/503 1466 GET http://mozilla.com/ - NONE/- text/html
is from the shorewall directed machine.

TCP_MISS/301 583 GET http://mozilla.com/ - DIRECT/207.126.111.202 text/html
is from the browser pointed machine.

Here is my squid.conf file:

acl all src 0.0.0.0/0.0.0.0
acl passport dstdomain .passport.com
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl Olivia src 10.x.x.x/255.255.255.0
acl Bird src 10.x.x.x/255.255.255.0
http_access allow Olivia
http_access allow passport
http_access allow Bird
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_single_host on
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 80 21 443 563 70 210 1025-65535
http_access deny !Safe_ports
acl CONNECT method CONNECT
no_cache deny !SSL_ports

I will be forever grateful to anyone that can help me out with this.

TIA,
Justin Vogt
BOLD Schools Technology Coordinator
Justin.Vogt@xxxxxxxxxxxxxx
(320)523-1031 ext.117