On Sat, Sep 16, 2006, Michael Carmody wrote: > I just subscribed to this list for the exact same problem. > > Running Squid Stable 3, and proxy works fine when entered into browser but > transparent mode seems broken, with the port 3128 being appended to all > requests and the access log only sometimes logging the request at all. > > Having also seen umpteen references to release notes, and having http_port > 3128 transparent there from the beginning. This is getting mildly > frustrating... > > Someone with a working transparent STABLE3 setup want to offer a suggestion ? Tried vport=80 there? That works for me. The cute thing about "transparent" proxying under Squid is that it isn't limited to web services running on port 80. Adrian > > On Saturday 16 September 2006 14:50, W. Tait Cyrus wrote: > > OK. I've spent the past 4 hours searching old postings and squid > > related web sites for this answer and seem to find things keep leading > > in circles. > > > > I have a Linux 2.6.17 firewall running squid and squidGuard. The > > firewall is configured such that all outgoing http access gets NATed to > > port 3128 (on the fw) where squid then runs squidGuard to filter out > > "bad" sites. That is ALL squid is intended for is to run squidGuard on > > all outgoing web accesses. I need this type of configuration since > > updating the proxy in the web browsers is too easy to turn off (and gain > > access to the "bad" sites) so I need something transparent. > > > > I had been running squid squid-2.5.STABLE12 with little problems, but > > did run into a problem with an app failing to update itself via http > > (because squid got in the way) so I wanted to upgrade to 2.6.STABLE3 > > hoping the problem would be fixed. Unfortunately I can't get > > 2.6.STABLE3 configured to work the same way. > > > > Many of the previous posting suggest: > > - read the release notes: > > well, I've done that and they don't given any examples, only a word > > description that > > an "option" can be used to do this. So it isn't clear at all what > > the correct form of > > the options are to configure squid to be transparent since it > > appears that multiple > > options are required and no where are they all together discussed > > - read the FAQ > > again it says almost the same thing, or doesn't exist (one wiki was > > still being written in regards > > to transparent proxy setup) > > - or they suggest things which didn't work (or produced startup errors) > > > > My previous configuration was basically: > > > > httpd_accel_port 80 > > httpd_accel_host virtual > > httpd_accel_with_proxy on > > httpd_accel_uses_host_header on > > > > with iptables configured with: > > iptables -t nat -A PREROUTING -p tcp -m tcp -s 10.0.0.0/8 --dport 80 -j > > DNAT --to-destination 10.200.1.100:3128 > > > > So only outgoing port 80 were NAT'ed to 3128. All incoming port 80 are > > dealt with separately (forwarded to the web server). > > > > I've tried the following squid config (since that seemed to be what most > > people suggested) without success: > > http_port 3128 transparent > > cache_peer localhost parent 3128 0 no-query originserver > > but this mangles the URL adding port 3128 to the host. I.e. changes > > http://google.com to http://google.com:3128 > > Even tried variations on http_port and cache_peer. > > > > So is there a simple example of how to set up a transparent proxy (local > > cache)? > > > > tia > > ++Tait
