Based on the responses I have received from this list, I have made the following change:

Original line:
    http_port 3328
Changed line:
    http_port 3328 transparent

I have determined that my squid was configured with --enable-linux-netfilter.

I also changed no_cache deny QUERY to cache deny QUERY, although squid did not give me an error about this.

Then I received a new error from my web browser. It was something about "the request cannot be forwarded at this time, squid is not allowed to contact servers directly and there are no parent proxies available" or something like that.

So I had to add the following to my squid.conf:

    always_direct allow all

Is this correct? Is this supposed to be in my configuration or is it a hack/security risk/workaround? I read the documentation and I don't really understand it, but it did get me past that error.

Now I have a new problem once again. My DNS lookups were timing out, squid was reporting "the dnsserver returned: TIMEOUT"

I checked my /etc/resolv.conf and it has listed the 2 DNS servers that I got from my ISP when I connected (using pon/poff).

So, for some reason squid is NOT reading my /etc/resolv.conf file.

To work around this problem I have added the following line to my squid.conf file:

    dns_nameservers XXX.XXX.XXX.XXX

According to documentation, I should NOT need the above line if I do indeed have an /etc/resolv.conf file. So this is an obvious band-aid that needs to be fixed!! My DNS servers change every time I reconnect.

But when the line is there... IT FINALLY WORKS!!!! (Once I figured out that redirect_program was changed to url_rewrite_program)

[rant] honestly, that pees me off - why change the name of a variable if it has the same function? To make it so that people cannot use their tried and true conf files when they upgrade, that's why. [/rant]

To recap, my questions are:

1. Is always_direct allow all supposed to be there?
2. How to get squid to read my /etc/resolv.conf file?

Thank you very much.
Angela Burrell

-----Original Message-----
From: Angela Burrell [mailto:angela@xxxxxxxxxxxxxxxxxxx]
Sent: March 1, 2007 2:42 PM
To: squid users
Subject: ERR_INVALID_REQ - Invalid Request

Hi

I hope someone can help me!

I am running Squid 2.6.STABLE1 on Ubuntu Edgy 6.10 (Kernel 2.6.17-amd64). Squid is listening on port 3328.

I am in the process of changing servers from Mandrake MNF, Kernel 2.4.18-8 with Squid 2.4.STABLE7.

I want my configurations to be exactly the same, so I have copied over lots of things like my squid.conf and my firewall script. The configuration file I have included currently works with my old server.

On my new Ubuntu server the squid program starts up OK. Oh, I also have SquidGuard running.

This is the line in my firewall that redirects the HTTP requests from port 80 to port 3328:

    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3328

When I comment out this line, clients on the LAN can get through to the Internet.

When the above line is implemented, we get the following error in all browsers, to all hosts.

    ERR_INVALID_REQ

    The following error was encountered:

    Invalid Request

    Some aspect of the HTTP Request is invalid. Possible problems:

      Missing or unknown request method
      Missing URL
      Missing HTTP Identifier (HTTP/1.0)
      Request is too large
      Content-Length missing for POST or PUT requests
      Illegal character in hostname; underscores are not allowed

    Your cache administrator is webmaster.

    Generated Wed, 28 Feb 2007 22:49:09 GMT by squid (squid/2.6.STABLE1)

Here is my squid.conf file, hoping it will help.

############################
http_port 3328
icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 16 MB
cache_dir diskd /var/spool/squid 1000 16 256

# Redirector
redirect_program /usr/local/bin/squidGuard -c /etc/squid/squidGuard.conf
redirect_children 32

half_closed_clients off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# ACLs
acl Eth1 src 192.168.1.0/255.255.255.0
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports 280 488 591 777 22
acl CONNECT method CONNECT
acl PURGE method PURGE

# the below line is to set the local website not to cache
acl erc dstdomain .ercsarnia.ca
acl erc dstdomain .ercsarnia.com
always_direct allow erc
no_cache deny erc

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow Eth1
http_access allow PURGE localhost
http_access deny PURGE
http_access deny all
icp_access allow all
miss_access allow all

# The below line is for compatibility with Hotmail
# anonymize_headers deny Accept-Encoding # doesn't work with squid 2.6?

# user/group
cache_effective_user squid
cache_effective_group squid
visible_hostname squid

# Timeout settings
connect_timeout 2 minutes
request_timeout 30 seconds

# Customised error pages
err_html_text angela@xxxxxxxxx # doesnt seem to work?
memory_pools off
######################################
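
Added example, not part of the original messages and not code from the Squid project: a small Python check for the two migration problems this thread describes, the renamed directives (no_cache, redirect_program) and an http_port that receives iptables REDIRECT traffic without the transparent option. The sample configuration is constructed from the quoted squid.conf, and the function names are illustrative.

```python
import re

# Directive renames between the 2.4-era config and Squid 2.6 named in the thread.
RENAMED = {"no_cache": "cache", "redirect_program": "url_rewrite_program"}

# Constructed sample input, abridged from the configuration quoted in the post.
SAMPLE_CONF = """\
http_port 3328
acl QUERY urlpath_regex cgi-bin \\?
no_cache deny QUERY
# Redirector
redirect_program /usr/local/bin/squidGuard -c /etc/squid/squidGuard.conf
"""
SAMPLE_RULE = ("iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 "
               "-j REDIRECT --to-port 3328")


def redirect_port(rule):
    """Return the port a REDIRECT rule sends traffic to, or None."""
    m = re.search(r"-j\s+REDIRECT\b.*?--to-ports?\s+(\d+)", rule)
    return int(m.group(1)) if m else None


def check_conf(conf_text, iptables_rule):
    """Return (line_number, message) findings for a migrated squid.conf."""
    findings = []
    port = redirect_port(iptables_rule)
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        # Simplification: treat everything after '#' as a comment.
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        directive, args = tokens[0], tokens[1:]
        if directive in RENAMED:
            findings.append((lineno, f"{directive} is now {RENAMED[directive]}"))
        elif directive == "http_port" and args:
            # http_port takes "port" or "host:port", then options.
            listen = int(args[0].rsplit(":", 1)[-1])
            if listen == port and "transparent" not in args[1:]:
                findings.append(
                    (lineno, f"port {listen} receives REDIRECTed traffic "
                             "but lacks the transparent option"))
    return findings


if __name__ == "__main__":
    for lineno, message in check_conf(SAMPLE_CONF, SAMPLE_RULE):
        print(f"line {lineno}: {message}")
```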