OK, after a bit more trial and error I think I've found something that works.

So, using iptables to capture all outgoing traffic and forcing it to squid using:
 iptables -t nat -A PREROUTING -p tcp -m tcp -s 10.0.0.0/8 --dport 80 -j DNAT --to-destination 10.200.1.100:3128

Configured squid 2.6STABLE3 with:

./configure --disable-http-violations --with-large-files --enable-linux-netfilter

[note: I have to disable-http-violations since a Windows app consults a web site containing underscores]

Previously I had configured without --enable-linux-netfilter and that is probably why squid was adding 3128 to all outgoing requests.

So my rough config file looks like:
 http_port 3128 transparent
 cache_peer localhost sibling 3128 0

The BIGGEST problem appeared to be with the cache_peer line and specifying "parent". This resulted in the cache.log file showing:
   WARNING: Forwarding loop detected for
presumably since squid was trying to contact the "parent" for the cache and the "parent" was itself so it didn't like the loop. Changing "parent" to "sibling" appears to have fixed the problem.

   ++Tait
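
Added example, not part of the original post or of Squid itself: a small squid.conf check that flags any cache_peer line whose host is the proxy itself and whose port is one of its own http_port values, which is the situation the post describes with "parent". The function name, the sample config and the host upstream.example are constructed for illustration; the check assumes only literal loopback names plus any addresses passed in by the caller count as "this machine".

```python
# Assumption: these names always mean "this machine". Other local addresses
# are supplied by the caller; no DNS lookups are done, so the check runs offline.
LOOPBACK_NAMES = {"localhost", "127.0.0.1", "::1"}

# Constructed sample: the "parent" variant from the post, the proxy's own
# address from the DNAT rule, and a hypothetical real upstream peer.
SAMPLE = """\
http_port 3128 transparent
cache_peer localhost parent 3128 0
cache_peer 10.200.1.100 sibling 3128 0
cache_peer upstream.example parent 8080 3130   # not a self-reference
"""

def _port(token):
    """Port from '3128', '10.0.0.1:3128' or '[::1]:3128'; None if not numeric."""
    tail = token.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else None

def find_self_peers(conf_text, local_addrs=()):
    """Return (line_no, host, peer_type, port) for every cache_peer that
    points back at one of this instance's own http_port listeners."""
    local = LOOPBACK_NAMES | {a.lower() for a in local_addrs}
    own_ports, peers = set(), []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop trailing comments
        if len(fields) >= 2 and fields[0] == "http_port":
            own_ports.add(_port(fields[1]))
        elif len(fields) >= 4 and fields[0] == "cache_peer":
            # cache_peer <host> <type> <http-port> <icp-port> [options]
            port = _port(fields[3])
            if port is not None:
                peers.append((no, fields[1].lower(), fields[2], port))
    # Filter after the full pass so directive order in the file does not matter.
    return [p for p in peers if p[1] in local and p[3] in own_ports]

if __name__ == "__main__":
    for no, host, kind, port in find_self_peers(SAMPLE, ("10.200.1.100",)):
        print(f"line {no}: cache_peer {host} ({kind}) targets own http_port {port}")
```

Pass the proxy's own interface addresses as local_addrs so that peers written by IP rather than as localhost are also caught.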





