Search squid archive

RE: Transparent Proxy not working in 3.0 STable1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Totally correct Amos

I rebuilt with netfilter only and works great, thanks

Alan


-----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] 
Sent: 14 February 2008 22:04
To: WRIGHT Alan
Cc: squid-users@xxxxxxxxxxxxxxx
Subject: Re:  Transparent Proxy not working in 3.0 STable1

> Hi Folks,
>
> I have installed squid 3.0 stable 1 and have configured it for
> transparent mode.
>
> Somehow it doesn't seem to work correctly.
>
> When it runs, it shows that it is running in transparent mode, but
then
> when HTTP requests hit the box it gives the WARNING: Transparent
> proxying not supported. The web browser shows an error page but from
the
> squid itself (Error: HTTP 400 Bad Request - Invalid URL.....).
>
> When I configured the build, I used the tproxy and the netfilter
options
> for transparent proxying as I wasn't sure what one I needed.

At present only one transparency option will work and build. The tproxy
configure option is for kernels patched with the TROXY patch from
balabit.
The netfilter option is for standard kernels using iptables NAT
REDIRECT.

You will need to pick the one that applies to you and re-build squid.

>
> Does anyone have a clue why it will not run in transparent mode.
>
> I am pretty sure my iptables is OK

It probably is, but squid when configured with multiple transparency
options squid prefers the more transparent option (TPROXY is the only
completely transparent).

It sounds like you need to drop the tproxy.

Amos

>
> Here is what the trace shows:
>
> No.     Time        Source                Destination
Protocol
> Info
>      20 12.102354   192.168.26.128        192.168.130.250       HTTP
> GET / HTTP/1.1
>
> Frame 20 (493 bytes on wire, 493 bytes captured)
> Ethernet II, Src: 00:0c:29:e8:3d:07, Dst: 00:0c:29:01:ce:bc
> Internet Protocol, Src Addr: 192.168.26.128 (192.168.26.128), Dst
Addr:
> 192.168.130.250 (192.168.130.250)
> Transmission Control Protocol, Src Port: 44418 (44418), Dst Port: http
> (80), Seq: 1, Ack: 1, Len: 427
> Hypertext Transfer Protocol
>     GET / HTTP/1.1\r\n
>     Host: 192.168.130.250\r\n
>     User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1)
> Gecko/20060313 Fedora/1.5.0.1-9 Firefox/1.5.0.1 pango-text\r\n
>     Accept:
>
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plai
> n;q=0.8,image/png,*/*;q=0.5\r\n
>     Accept-Language: en-us,en;q=0.5\r\n
>     Accept-Encoding: gzip,deflate\r\n
>     Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n
>     Keep-Alive: 300\r\n
>     Connection: keep-alive\r\n
>     \r\n
>
> No.     Time        Source                Destination
Protocol
> Info
>      22 12.157274   192.168.130.250       192.168.26.128        HTTP
> HTTP/1.0 400 Bad Request (text/html)[Short Frame]
>
> Frame 22 (1514 bytes on wire, 500 bytes captured)
> Ethernet II, Src: 00:0c:29:01:ce:bc, Dst: 00:0c:29:e8:3d:07
> Internet Protocol, Src Addr: 192.168.130.250 (192.168.130.250), Dst
> Addr: 192.168.26.128 (192.168.26.128)
> Transmission Control Protocol, Src Port: http (80), Dst Port: 44418
> (44418), Seq: 1, Ack: 428, Len: 1448
> Hypertext Transfer Protocol
>     HTTP/1.0 400 Bad Request\r\n
>     Server: squid/3.0.STABLE1\r\n
>     Mime-Version: 1.0\r\n
>     Date: Thu, 14 Feb 2008 04:44:37 GMT\r\n
>     Content-Type: text/html\r\n
>     Content-Length: 1447\r\n
>     Expires: Thu, 14 Feb 2008 04:44:37 GMT\r\n
>     X-Squid-Error: ERR_INVALID_URL 0\r\n
>     X-Cache: MISS from localhost.localdomain\r\n
>     Via: 1.0 localhost.localdomain (squid/3.0.STABLE1)\r\n
>     Proxy-Connection: close\r\n
>     \r\n
>
> TIA
>
> Alan
>
>
>
>
>





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux