You need to begin debugging this by looking at wireshark/ethereal packet dumps.
Try to figure out what the client/server is doing that confuses Squid (or
confuses the client/server.)

Adrian

On Tue, Dec 04, 2007, Taras Panchyshyn wrote:
> I want to use SQUID 2.6.STABLE16 as a transparent proxy.
> I have Linux Fedora Core 7 as a router and squid is installed there also.
>
> Iptables configuration:
> *nat
> :PREROUTING ACCEPT [2844662:160578712]
> :POSTROUTING ACCEPT [168208:16839419]
> :OUTPUT ACCEPT [115780:8771449]
> #redirect http requests to squid
> -A PREROUTING -s 10.10.15.0/255.255.255.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
> # pass through NAT everything else
> -A POSTROUTING -s 10.10.15.0/255.255.255.0 -d ! 10.10.15.0/255.255.255.0 -o eth2 -j MASQUERADE
> COMMIT
>
> Squid configuration
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> acl our_network src 10.10.15.0/24
>
> http_access allow manager localhost
> http_access deny manager
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access allow our_network
> http_access deny all
> icp_access allow all
>
> http_port 10.10.15.1:3128 transparent
> cache_dir ufs /var/spool/squid 10000 16 256
>
> Everything works except the Citrix Metaframe client (ICA32t.exe). When I try
> to connect to the Citrix server I receive this message: "Cannot connect to the
> citrix MetaFrame server. Unable to contact the MetaFrame server browser.
> There may be network problems, or you may need to configure or correct the
> server address in the Server Location field"
>
> Here is access.log in squid:
> Tail -f /var/log/sguid/access.log
> 1196707494.281 81 10.10.15.30 TCP_MISS/404 1203 POST http://213.179.13.203/scripts/WPnBr.dll - DIRECT/213.179.13.203 text/html
> 1196707494.371 79 10.10.15.30 TCP_MISS/400 274 POST http://213.179.13.204/scripts/WPnBr.dll - DIRECT/213.179.13.204 -
> 1196707494.487 104 10.10.15.30 TCP_MISS/400 274 POST http://213.179.13.107/scripts/WPnBr.dll - DIRECT/213.179.13.107 -
> 1196707494.740 105 10.10.15.30 TCP_MISS/400 274 POST http://213.179.13.114/scripts/WPnBr.dll - DIRECT/213.179.13.114 -
> 1196707494.836 92 10.10.15.30 TCP_MISS/400 274 POST http://213.179.13.118/scripts/WPnBr.dll - DIRECT/213.179.13.118 -
>
> When I delete the http redirection from iptables and set the proxy address
> manually in Internet Explorer, citrix works fine.
> Access.log gives me this information:
>
> Tail -f /var/log/sguid/access.log
> 1196707587.173 349 10.10.15.30 TCP_MISS/200 11048 CONNECT gatewaynetworks.dainrauscher.com:443 - DIRECT/199.250.13.52 -
> 1196707587.242 51 10.10.15.30 TCP_MISS/200 39 CONNECT gatewaynetworks.dainrauscher.com:443 - DIRECT/199.250.13.52 -
>
> Also, I am able to connect to the citrix application without a proxy server
> at all (through NAT).
>
> One more detail: when redirection is on and the proxy server is set up
> manually in Internet Explorer, citrix doesn't work either.
> Access.log:
> Tail -f /var/log/sguid/access.log
> 1196707035.421 753 10.10.15.30 TCP_MISS/200 18741 CONNECT gatewaynetworks.dainrauscher.com:443 - DIRECT/199.250.13.52 -
> 1196707036.550 86 10.10.15.30 TCP_MISS/404 1203 POST http://199.250.13.203/scripts/WPnBr.dll - DIRECT/199.250.13.203 text/html
> 1196707036.640 84 10.10.15.30 TCP_MISS/400 274 POST http://199.250.13.204/scripts/WPnBr.dll - DIRECT/199.250.13.204 -
> 1196707036.745 100 10.10.15.30 TCP_MISS/400 274 POST http://199.250.13.107/scripts/WPnBr.dll - DIRECT/199.250.13.107 -
> 1196707036.849 94 10.10.15.30 TCP_MISS/400 274 POST http://199.250.13.114/scripts/WPnBr.dll - DIRECT/199.250.13.114 -
> 1196707037.003 80 10.10.15.30 TCP_MISS/400 274 POST http://199.250.13.118/scripts/WPnBr.dll - DIRECT/199.250.13.118 -
>
> Where is the problem?
>
> Please help, whoever knows the solution.
> Thank you very much

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
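
Added example (not part of the original thread, and not Squid project code): a small Python parser for Squid's native access.log format that summarizes the excerpts quoted above per scenario, so the difference between the intercepted and the explicitly proxied runs is visible alongside a packet capture. The log lines are copied from the message; all function and variable names are assumptions made for this example.

```python
from collections import Counter

# Sample input: access.log lines copied from the quoted message, one set per scenario.
INTERCEPTED = """\
1196707494.281 81 10.10.15.30 TCP_MISS/404 1203 POST http://213.179.13.203/scripts/WPnBr.dll - DIRECT/213.179.13.203 text/html
1196707494.371 79 10.10.15.30 TCP_MISS/400 274 POST http://213.179.13.204/scripts/WPnBr.dll - DIRECT/213.179.13.204 -
"""
EXPLICIT_PROXY = """\
1196707587.173 349 10.10.15.30 TCP_MISS/200 11048 CONNECT gatewaynetworks.dainrauscher.com:443 - DIRECT/199.250.13.52 -
1196707587.242 51 10.10.15.30 TCP_MISS/200 39 CONNECT gatewaynetworks.dainrauscher.com:443 - DIRECT/199.250.13.52 -
"""

# Field order of Squid's native access.log format.
FIELDS = ("time", "elapsed_ms", "client", "result", "bytes",
          "method", "url", "ident", "hierarchy", "mime")

def parse_line(line):
    """Return one log line as a dict, or None if it is wrapped or malformed."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    squid_code, _, status = rec["result"].partition("/")
    if not status.isdigit():
        return None
    rec["squid_code"], rec["status"] = squid_code, int(status)
    rec["peer"] = rec["hierarchy"].partition("/")[2]  # address Squid contacted
    return rec

def records(log_text):
    """Parse every usable line of a log excerpt."""
    return [r for r in map(parse_line, log_text.splitlines()) if r]

def summarize(log_text):
    """Count requests per (method, HTTP status)."""
    return Counter((r["method"], r["status"]) for r in records(log_text))

def failed_requests(log_text):
    """List (method, url, status, peer) for every 4xx/5xx response."""
    return [(r["method"], r["url"], r["status"], r["peer"])
            for r in records(log_text) if r["status"] >= 400]

if __name__ == "__main__":
    for name, text in (("intercepted", INTERCEPTED), ("explicit", EXPLICIT_PROXY)):
        print(name, dict(summarize(text)), failed_requests(text))
```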