Hi,

I want to set up an interception proxy with DNAT using squid 3.2.7. My squid.conf is

acl trusted src x.x.x.x y.y.y.y
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow trusted
http_access allow localhost
http_access deny all
http_port 0.0.0.0:8888
http_port 0.0.0.0:8128 intercept
hierarchy_stoplist cgi-bin ?
debug_options ALL,1
coredump_dir /var/spool/squid3
cache deny all
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
request_header_access Proxy-Connection deny all
request_header_access X-Forwarded-For deny all
request_header_access Connection deny all
request_header_access Via deny all
forwarded_for off

I've set up the iptables and sysctl.conf as described in
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat

$ iptables -t nat --list-rules
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-P OUTPUT ACCEPT
-A PREROUTING -s 209.141.35.219/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 209.141.35.219:8128
-A POSTROUTING -j MASQUERADE

$ iptables -t mangle --list-rules
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 8128 -j DROP

In my client network, I've set up a dnsmasq to redirect the hosts that I want to proxy to the squid box. However, when I call one of the hosts, e.g. www.example.org, I get

ERROR
The requested URL could not be retrieved

The following error was encountered while trying to retrieve the URL: http://example.org/

Connection to <squid-ip> failed.

The system returned: (111) Connection refused

----

The squid was configured with

Squid Cache: Version 3.2.7
configure options: '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--enable-inline' '--enable-async-io=8' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-arp-acl' '--enable-esi' '--disable-translation' '--enable-linux-netfilter' '--enable-ssl' '--with-default-user=proxy' '--enable-ltdl-convenience'

I appreciate your help!

Cheers
Marcel