> > I can't decide if this is a squid problem or an iptables problem, so I'm > asking here in case someone can point me in the right direction. > > ----------------------------- > Software/Environment details: > ----------------------------- > > jekyl:/home/david# uname -a > Linux jekyl 2.4.27-2-686 #1 Wed Aug 17 10:34:09 UTC 2005 i686 GNU/Linux > > jekyl:/home/david# iptables --version > iptables v1.2.11 > > jekyl:/home/david# squid -v > Squid Cache: Version 2.5.STABLE9 > configure options: --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/squid --localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-async-io --with-pthreads --enable-storeio=ufs,aufs,diskd,null --enable-linux-netfilter --enable-arp-acl --enable-removal-policies=lru,heap --enable-snmp --enable-delay-pools --enable-htcp --enable-poll --enable-cache-digests --enable-underscores --enable-referer-log --enable-useragent-log --enable-auth=basic,digest,ntlm --enable-carp --with-large-files i386-debian-linux > > jekyl:/home/david# cat /etc/debian_version > 3.1 > > -------------------------- > Issue/action Description > -------------------------- > > I am attempting to do transparent HTTP proxying with squid. This works > fine for traffic flowing in over individual interfaces, but not for > traffic arriving over a VPN (the proxy server is also a VPN gateway). > > Tracking packets using logging rules, it seems that the packets are > getting redirected, and even accepted, but are not arriving in userland, > or squid is dropping the requests. I can see no indication in the squid > logs that it is recieving the requests - no corresponding entries in > access.log or cache.log. The proxy can be accessed directly in all > cases, but not transparently via the VPN. > > In squid.conf i've got: >... http://squidwiki.kinkie.it/SquidFaq/InterceptionProxy?highlight=%28intercept%29#head-1cf13b27d5a6f8c523a4582d38a8cfaaacafb896 Especially the item concerning MTU will probably haunt you, in this case and there's no woraround for that. M.