> I'm serving in Iraq, where bandwidth is low and DNS servers are thousands
> of miles away. squid is a great solution for my unit.
>
> I set up squid-3.0-STABLE8 behind SNAT to do interception caching with the
> standard:
>
>   iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
>
> and http_port 3128 transparent
>
> but squid does not intercept the packets. Setting the proxy in the
> browsers (IE7 and Firefox3) results in squid caching as expected. After
> many agonizing days of trying to determine why I was not getting hits when
> leaving the browsers un-configured, I finally had everyone set their proxy
> settings to the server and port 3128 (dhcpd takes care of pointing them at
> the right subnet and gateway). The issues I now face are that other apps
> don't run right, particularly for the Mac guys (can't have separate
> settings in browser and other network apps). I need to run this
> transparently if at all possible.
>
> Am I missing something with the newest browsers? tcpdump did report that
> IE7 was sending packets to port 137. Is Firefox also sending to
> non-standard ports? I even tried DNAT'ing everything from eth1 to port
> 3128 as a test, but no hits. Do I have squid listen on all possible tcp
> ports used by both browsers? Is iptables 1.4.1 buggy (doubtful)? Do I
> re-route all possible tcp ports to 3128? If so, does anyone know what all
> of the ports used by these two browsers are? Are the browsers sending out
> "Don't intercept me" headers when in default setup and "Intercept me"
> headers when configured for proxy? I'm at a loss.
>
> squid is doing a fantastic job of keeping a lot of traffic local, but I
> fear I will have to cease using it in order to keep everything else
> working if I can't solve this. IM and VC apps top the list down here since
> everyone tries to stay in touch with home, so I have to keep them working.
>
> Thanks so much for any help,
> Jason
>

A couple of Qs.
- is your squid built with --enable-linux-netfilter ?
- is squid running on the NAT box?
- are the requests just dying, or being served okay as TCP_MISS?
- what's the rest of your config say?

To keep explicit config (it is better anyway). Windows people are screwed
(way to go MS). For the non-Windows users there is a global environment
variable in most OS which applications usually use for proxy settings:

  http_proxy="http://fubar.example.org:3128/"

or a control panel somewhere in the OS for 'proxy settings' which sets it
properly for the whole machine. Not in the browser-only settings.

Amos
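
The questions in the reply can be checked with a short script run on the Squid box. This is an added example, not part of the original thread: eth1 and port 3128 come from the original post, while the function names and the file paths in check_live are assumptions.

```sh
#!/bin/sh
# Added example. Each check reads saved command output or a file on stdin.

# Q1: does `squid -v` list --enable-linux-netfilter in its configure options?
has_netfilter_build() { grep -q -- '--enable-linux-netfilter'; }

# squid.conf: an uncommented "http_port [ip:]PORT ... transparent" line.
has_transparent_port() {  # $1 = port
    awk -v port="$1" '
        $1 == "http_port" {
            n = split($2, a, ":")
            if (a[n] != port) next
            for (i = 3; i <= NF; i++) if ($i == "transparent") found = 1
        }
        END { exit !found }'
}

# Q2: is the REDIRECT rule loaded on this box? Reads `iptables-save -t nat`.
has_redirect_rule() {  # $1 = LAN interface, $2 = squid port
    awk -v ifc="$1" -v port="$2" '
        $1 == "-A" && $2 == "PREROUTING" {
            i_ok = 0; d_ok = 0; j_ok = 0; p_ok = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-i" && $(i+1) == ifc) i_ok = 1
                if ($i == "--dport" && $(i+1) == "80") d_ok = 1
                if ($i == "-j" && $(i+1) == "REDIRECT") j_ok = 1
                # iptables-save prints --to-ports; accept --to-port as typed
                if ($i ~ /^--to-ports?$/ && $(i+1) == port) p_ok = 1
            }
            if (i_ok && d_ok && j_ok && p_ok) found = 1
        }
        END { exit !found }'
}

# Q3: per-client result codes from access.log (native format), e.g.
# "2 TCP_MISS". No output means the client's requests never reached squid.
client_result_codes() {  # $1 = client IP
    awk -v c="$1" '$3 == c { split($4, r, "/"); n[r[1]]++ }
        END { for (k in n) print n[k], k }' | sort -rn
}

check_live() {  # $1 = client IP; run as root; file paths are assumptions
    squid -v | has_netfilter_build || echo "built without --enable-linux-netfilter"
    has_transparent_port 3128 < /etc/squid/squid.conf || echo "no transparent http_port 3128"
    iptables-save -t nat | has_redirect_rule eth1 3128 || echo "no REDIRECT rule for eth1"
    client_result_codes "$1" < /var/log/squid/access.log
}
if [ "${1:-}" = live ]; then check_live "$2"; fi
```

Run it as `sh script.sh live <client-ip>` on the gateway; an empty result from the last check while the first three pass points at routing rather than at Squid.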