problem with transparent proxy virtual ports


I am using squid-2.5.13 (latest version) on a remote box with this 
configuration:


========================
# cat /etc/squid/squid.conf
http_port 1080
icp_port 0
acl QUERY urlpath_regex .*
no_cache deny QUERY
cache_dir aufs /var/cache/squid 32 16 256
acl all src 0.0.0.0/0.0.0.0
http_access allow all
httpd_accel_host virtual
httpd_accel_port 0
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
header_access X-Forwarded-For deny all
header_access Via deny all
========================


Port 1080 is opened on this firewalled remote server. On my home PC, where I am 
using the proxy, I have iptables set to use the proxy server for all IPs 
except those in /etc/local.net:

========================
IPT="/sbin/iptables"
LV_IPS=$(grep -v "#" /etc/local.net)
for i in ${LV_IPS}; do
 ${IPT} -t nat -A OUTPUT -d ${i} -j ACCEPT
 ${IPT} -t nat -A PREROUTING -d ${i} -j ACCEPT
done

${IPT} -t nat -A OUTPUT -p tcp -j DNAT --to-destination my_proxy_server_ip:1080
========================


In iptables it results in this:

========================
[...]
-A OUTPUT -d 195.178.96.0/255.255.254.0 -j ACCEPT
-A OUTPUT -d 195.246.226.0/255.255.254.0 -j ACCEPT
-A OUTPUT -d 194.50.105.0/255.255.255.0 -j ACCEPT
-A OUTPUT -p tcp -j DNAT --to-destination my_proxy_server_ip:1080
========================


The same configuration works perfectly for my friend, but I have a problem: when I 
try to open, for example, http://www.gentoo.org, squid requests 
http://www.gentoo.org:1080. I have the line "httpd_accel_port 0" in my squid 
configuration, which must request virtual port 80 if I try to open 
gentoo.org:80, not 1080. Quote from the squid documentation:

========================
Tag Name httpd_accel_port
Usage httpd_accel_port port
Description

Accelerated requests can only be forwarded to one port: There is no table that 
associates accelerated hosts and a destination port. Squid will connect to 
the port that you set the httpd_accel_port value to. When acting as a 
front-end for a web server on the local machine, you will set up the web 
server to listen for connections on a different port (8000, for example), and 
set this squid.conf option to match the same value. If, on the other hand, 
you are forwarding requests to a set of slow backend servers, they will 
almost certainly be listening to port 80 (the default web-server port), and 
this option will need to be set to 80. If you want virtual port support then 
specify the port as "0"
========================


If I set httpd_accel_port to 80, everything works perfectly, but only for port 80.

Why doesn't "httpd_accel_port 0" work the way I need? Maybe it's a firewall 
problem? Thanks.
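
A simplified model of the behaviour reported above, added here as an illustration; it is not part of the original post and is not Squid's code. It assumes that with "httpd_accel_port 0" the accelerator takes the port from the socket the request arrived on unless the Host header names one; `parse_request`, `rebuild_url` and the sample request are hypothetical names and data.

```python
# Added illustration: a simplified model, not Squid source code.
# Assumption: with "httpd_accel_port 0" (virtual port) the accelerator takes
# the port from the socket the request arrived on, unless Host names a port.

def parse_request(raw: bytes):
    """Return (path, headers) from a raw HTTP/1.x request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    _method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return path, headers


def rebuild_url(raw: bytes, arrived_on_port: int, accel_port: int) -> str:
    """Rebuild the absolute URL the accelerator would fetch upstream."""
    path, headers = parse_request(raw)
    host = headers.get("host")
    if not host:
        raise ValueError("no Host header; this model needs one")
    name, sep, host_port = host.rpartition(":")
    if sep and host_port.isdigit():
        host = name              # Host carried an explicit port
    else:
        host_port = ""
    if accel_port == 0:          # virtual port mode
        port = int(host_port) if host_port else arrived_on_port
    else:                        # fixed port from httpd_accel_port
        port = accel_port
    return f"http://{host}:{port}{path}"


# Constructed sample: what a browser sends for http://www.gentoo.org/
SAMPLE = b"GET / HTTP/1.1\r\nHost: www.gentoo.org\r\n\r\n"

if __name__ == "__main__":
    # The DNAT rule runs on the client, so the proxy's socket port is 1080
    # and the original destination port 80 never reaches the proxy host.
    print(rebuild_url(SAMPLE, arrived_on_port=1080, accel_port=0))
    print(rebuild_url(SAMPLE, arrived_on_port=1080, accel_port=80))
```

Under this model the original port survives only when the rewrite happens on the proxy host itself, where the listening socket can still see it.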
