greetings
i'm setting up a new squid box running 3.0 stable 16 in transparent
mode.
the problem is, no call ever gets to squid, unless I configure the
client to look at " squidip " port 3128. Browser fails to connect. If
I tell the system to use proxy at squidip 3128, it works fine.
I have made the new transparent changes to my config. and I have
redirected destined for port 80 to squid.
here is my simplified config.
#l
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl localnet src 192.168.1.100 255.255.255.255
#
http_access allow manager localhost
http_access deny manager
http_access allow localnet
# And finally deny all other access to this proxy
http_access allow all
# NETWORK OPTIONS
#
-----------------------------------------------------------------------------
#http_port 3128
http_port 10.0.2.3:3128 transparent
#Default:
# cache_mem 8 MB
cache_mem 128 MB
#Default:
# maximum_object_size_in_memory 8 KB
maximum_object_size_in_memory 80 KB
ipcache_size 1024
cache_dir ufs /usr/local/squid/var/cache 2048 16 256
maximum_object_size 40 MB
access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_effective_user squid
cache_effective_group wheel
visible_hostname hook2
-----
#ipfw redirect
here you can see the redirect going to the port from the client
hook2:~ root# ipfw show
00001 0 0 allow udp from any 626 to any dst-port 626
00500 0 0 fwd 127.0.0.1,3128 tcp from 10.135.1.100 to any dst-
port 80 in recv en1
65535 559 359882 allow ip from any to any
hook2:~ root# ipfw show
00001 0 0 allow udp from any 626 to any dst-port 626
00500 1 64 fwd 127.0.0.1,3128 tcp from 192.168.1.100 to any
dst-port 80 in recv en1
65535 3530 2143506 allow ip from any to any
the client is OSX 10.5.6 leopard. browser cannot connect.
any ideas ? my previous setup used these transparent options,
http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
tia
-jeff