Here I'm having the same problem with Linux. When I try to do a transparent proxy with: iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128 I can see in cache.log hundreds of messages like: 2006/07/04 18:39:20| Failed to select source for 'http://www.britos.com.br/imgs/menu/logistica_down.gif' 2006/07/04 18:39:20| always_direct = -1 2006/07/04 18:39:20| never_direct = 0 2006/07/04 18:39:20| timedout = 0 2006/07/04 18:39:20| Failed to select source for 'http://www.britos.com.br/imgs/menu/logistica_over.gif' 2006/07/04 18:39:20| always_direct = -1 2006/07/04 18:39:20| never_direct = 0 2006/07/04 18:39:20| timedout = 0 Edinilson --------------------------------------------------------- ATINET-Professional Web Hosting Tel Voz: (0xx11) 4412-0876 http://www.atinet.com.br ----- Original Message ----- From: "Andrew Pantyukhin" <infofarmer@xxxxxxxxxxx> To: <squid-users@xxxxxxxxxxxxxxx> Sent: Wednesday, July 05, 2006 6:25 AM Subject: squid 2.6 + transparent + ipfw I can't figure out how to use transparent squid 2.6 with ipfw. I don't use --enable-{ipf,pf}-transparent because I only use ipfw (ipfirewall), not ipf (IP filter) or pf (packet filter). I also don't use --enable-linux-{netfilter,tproxy}, because I've got FreeBSD installed, not Linux. My guess is for transparent proxying to work one of these options has to be enabled. Let's see what happens. I compiled squid without any of these options. In cache.log I see: Accepting transparently proxied HTTP connections at 0.0.0.0, port 3128, FD 12. Great! But when I actually try to forward any packets there, I get this in cache.log: 2006/07/05 12:04:31| WARNING: transparent proxying not supported 2006/07/05 12:04:31| Failed to select source for 'http://mail.ru/' 2006/07/05 12:04:31| always_direct = 0 2006/07/05 12:04:31| never_direct = 0 2006/07/05 12:04:31| timedout = 0 this in access.log: 1152086671.736 1 10.17.225.45 TCP_MISS/503 1589 GET http://mail.ru/ - NONE/- text/html and this in the browser: <...> The following error was encountered: * Unable to forward this request at this time. <...> With squid 2.5, I didn't have to compile it with any transparency-related options, it just worked. Squid did not have a notion of being transparent, so it worked great. Now I have to wonder how to get it working. Can I use accelerator options to bring back the old behavior? Can I compile squid with other options and use it with ipfw? Any help will be much appreciated, thanks!
