On Mon, 27 Jul 2009 22:14:46 -0400, donovan jeffrey j <donovan@xxxxxxxxxxxxxx> wrote:
> greetings
>
> i'm setting up a new squid box running 3.0 stable 16 in transparent
> mode.
>
> the problem is, no call ever gets to squid, unless I configure the
> client to look at " squidip " port 3128. Browser fails to connect. If
> I tell the system to use proxy at squidip 3128, it works fine.
>
> I have made the new transparent changes to my config. and I have
> redirected destined for port 80 to squid.
> here is my simplified config.
>
> #l
>
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
>
> acl localnet src 192.168.1.100 255.255.255.255
> #
> http_access allow manager localhost
> http_access deny manager
> http_access allow localnet
>
> # And finally deny all other access to this proxy
> http_access allow all
>
> # NETWORK OPTIONS
> #
> -----------------------------------------------------------------------------
>
> #http_port 3128
> http_port 10.0.2.3:3128 transparent
>
> #Default:
> # cache_mem 8 MB
> cache_mem 128 MB
>
> #Default:
> # maximum_object_size_in_memory 8 KB
> maximum_object_size_in_memory 80 KB
>
> ipcache_size 1024
> cache_dir ufs /usr/local/squid/var/cache 2048 16 256
> maximum_object_size 40 MB
>
> access_log /usr/local/squid/var/logs/access.log
> cache_log /usr/local/squid/var/logs/cache.log
> cache_store_log /usr/local/squid/var/logs/store.log
>
> #Suggested default:
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern (cgi-bin|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
>
> cache_effective_user squid
> cache_effective_group wheel
> visible_hostname hook2
>
> -----
> #ipfw redirect
> here you can see the redirect going to the port from the client
> hook2:~ root# ipfw show
> 00001 0 0 allow udp from any 626 to any dst-port 626
> 00500 0 0 fwd 127.0.0.1,3128 tcp from 10.135.1.100 to any dst-port 80 in recv en1
> 65535 559 359882 allow ip from any to any
> hook2:~ root# ipfw show
> 00001 0 0 allow udp from any 626 to any dst-port 626
> 00500 1 64 fwd 127.0.0.1,3128 tcp from 192.168.1.100 to any dst-port 80 in recv en1
> 65535 3530 2143506 allow ip from any to any
>
> the client is OSX 10.5.6 leopard. browser cannot connect.
> any ideas ?

Your firewall says it's sending packets to 127.0.0.1,3128.

Your new squid.conf says interception is happening on 10.0.2.3:3128.

If you removed the IP or changed it to 127.0.0.1:3128 in squid.conf it would work.

Amos