Hi, I'm trying squid 3.2 (since I'll need some of the new features), but I'm having troubles using it in intercept mode, when used along with an upstream proxy. Requests are forwarded to squid, but never sent to the upstream proxy; using squid directly (setting it into the browser), the requests are forwarded to the upstream. Notice that I'm sure enough that my iptables rules are correct, and that the upstream proxy is correctly configured (simply, there's no traffic to it, when squid is used in transparent mode). Using the same configuration with squid 3.1, also the requests handled in intercept mode are forwarded to the upstream. Any idea? Thanks! These are the more meaningful parts of the configuration: ========================================== http_port 172.30.0.16:18080 intercept http_port 0.0.0.0:8080 server_persistent_connections off half_closed_clients off forwarded_for on acl from_all src all acl to_all dst all acl from_localhost src 127.0.0.1/32 acl CONNECT method CONNECT acl to_http_port port 80 acl to_proxy_port port 8080 acl to_internal_network dst 172.30.0.16 cache deny from_localhost cache deny CONNECT cache allow from_all http_access allow from_localhost http_access deny to_internal_network to_proxy_port http_access deny from_all http_reply_access allow from_localhost http_reply_access deny from_all visible_hostname off # Dansguardian or an upstream proxy. cache_peer 127.0.0.1 parent 9999 0 no-query no-digest no-netdb-exchange name=default login=*:password cache_peer_access default deny from_localhost cache_peer_access default deny from_all never_direct deny from_localhost never_direct allow from_all ========================================== When used in intercept mode, squid handles the request by itself: ==> /var/log/squid/cache.log <== 2012/08/06 13:01:46.477 kid1| forward.cc(273) fwdStart: 'http://www.cnn.com/' 2012/08/06 13:01:46.477 kid1| forward.cc(101) FwdState: Forwarding client request local=157.166.255.18:80 remote=172.30.0.252:44700 FD 68 flags=33, url=http://www.cnn.com/ 2012/08/06 13:01:46.478 kid1| forward.cc(160) selectPeerForIntercepted: opening a new conn: local=0.0.0.0 remote=157.166.255.18:80 flags=1 2012/08/06 13:01:46.478 kid1| forward.cc(317) startConnectionOrFail: http://www.cnn.com/ 2012/08/06 13:01:46.478 kid1| fwdConnectStart: http://www.cnn.com/ 2012/08/06 13:01:46.478 kid1| fwdConnectStart: got outgoing addr 0.0.0.0, tos 0, netfilter mark 0 2012/08/06 13:01:46.478 kid1| The AsyncCall fwdConnectDoneWrapper constructed, this=0xb81354a8 [call5533] On the other hand, when set in the browser, the upstream is also used: Aug 6 13:04:25 myname (squid-1): 1344251065.036 301 172.30.0.252 TCP_MISS/200 2565 GET http://www.cnn.com/ - FIRSTUP_PARENT/127.0.0.1 text/html -- Davide Alberani <davide.alberani@xxxxxxxxx> [PGP KeyID: 0x465BFD47] http://www.mimante.net/
