Dong-Yuan Shih wrote:
2010/3/8 Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx>:
mån 2010-03-08 klockan 19:56 +0800 skrev Dong-Yuan Shih:
when i start my squid proxy
the traffic is via ppp0 to internet
but url filter rule is notworking !!!!!!!!!
Is there anything in access.log?
Regards
Henrik
there is nothing access.log
Therefore requests are not arriving at Squid.
Your iptables rules are not working.
cache log
2010/03/08 12:27:44| WARNING: -D command-line option is obsolete.
2010/03/08 12:27:44| Warning: empty ACL: acl exempt src
Strangely there is no such ACL in the config you told us you were running...
2010/03/08 12:27:44| Starting Squid Cache version 3.1.0.14 for
i686-pc-linux-gnu...
2010/03/08 12:27:44| Process ID 29452
2010/03/08 12:27:44| With 1024 file descriptors available
2010/03/08 12:27:44| Initializing IP Cache...
2010/03/08 12:27:44| DNS Socket created at [::], FD 4
2010/03/08 12:27:44| Adding nameserver 168.95.1.1 from /etc/resolv.conf
2010/03/08 12:27:44| Unlinkd pipe opened on FD 9
2010/03/08 12:27:44| Store logging disabled
2010/03/08 12:27:44| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2010/03/08 12:27:44| Target number of buckets: 1008
2010/03/08 12:27:44| Using 8192 Store buckets
2010/03/08 12:27:44| Max Mem size: 262144 KB
2010/03/08 12:27:44| Max Swap size: 0 KB
2010/03/08 12:27:44| Using Least Load store dir selection
2010/03/08 12:27:44| Current Directory is /usr/local/squid
2010/03/08 12:27:44| Loaded Icons.
2010/03/08 12:27:44| Accepting spoofing HTTP connections at
0.0.0.0:3129, FD 10.
TPROXY is up and running as far as Squid can tell.
However, note that 3.1.0.14 does not have the upgrade to warn properly
when libcap2 is missing or not working properly. You will need the to
build Squid from the current snapshot to get that. We had a bug that
broke TPROXY for 3.1.0.16 and 3.1.0.17 release bundles sorry.
2010/03/08 12:27:44| HTCP Disabled.
2010/03/08 12:27:44| IcmpSquid.cc(253) Open: Pinger socket opened on FD 12
2010/03/08 12:27:44| Squid modules loaded: 0
2010/03/08 12:27:44| Ready to serve requests.
2010/03/08 12:27:45| storeLateRelease: released 0 objects
#http_port 3128 tproxy transparent
this syntax is not support
Yes, that is broken syntax above.
or
http_port 3128 transparent
http_port 3129 tproxy
# Receive DNAT or REDIRECT traffic (for squid 3.1)
http_port 3128 intercept
# Receive TPROXY traffic
http_port 3129 tproxy
i'm so confuse
everything is fine when i use squid 3.0
i just modify conf
add visible_hostname
and #cache_dir null /tmp
http_port 3129 tproxy
thanks for any advice
3.0 does not support TPROXY so it will not work, even if it looks fine
and requests happen. Your logs will be garbage and no spoofing will happen.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE24
Current Beta Squid 3.1.0.17