Re: fedora12_tproxy

[Amos Jeffries <squid3@xxxxxxxxxxxxx>]

On 29/06/2013 3:36 a.m., z fazli wrote:
> hi
>
> I have fedora 12 that upgraded it's kernel to 2.6.37 , and iptables
> 1.4.19 , i installed squid 3.2.2 in tproxy mod on it use steps from
> this link
>
> http://wiki.squid-cache.org/Features/Tproxy4#Feature:_TPROXY_version_4.1.2B-_Support
>
> everything seems ok but when I run squid and insert url in browser get
> this message
>
>
> ERROR
> The requested URL could not be retrieved
>
> The following error was encountered while trying to retrieve the URL:
> http://google.com/
>
> Access Denied.
>
> Access control configuration prevents your request from being allowed
> at this time. Please contact your service provider if you feel this is
> incorrect.
>
> Your cache administrator is webmaster.
>
> Generated Tue, 25 Jun 2013 12:34:53 GMT by localhost.localdomain (squid/3.3.2)

You say you installed 3.2.2 but some Squid-3.3.2 is responding to you. 
Are you sure this is a message from your Squid?

> and in terminal this message :
>
> 2013/06/26 14:55:35| WARNING: Forwarding loop detected for:
> POST /safebrowsing/downloads?client=navclient-auto-ffox&appver=3.5.4&pver=2.2&wrkey=AKEgNivruGNaM449DFDdRiYv81wyGtp5gMSMU4fMMS_g2YKGXmFhYZxbsymSyj14q22Xr7_cCx0nRwFKaCNyKKvMEev0WhcpRg==
> HTTP/1.1
> Host: safebrowsing.clients.google.com
> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.4)
> Gecko/20091027 Fedora/3.5.4-1.fc12 Firefox/3.5.4
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Content-Length: 110
> Content-Type: text/plain
> Cookie: PREF=ID=1b085458083db40f:U=8d54b4985abb086f:FF=0:TM=1371881983:LM=1371882262:S=gjQlM4Sqrueu3KHq;
> NID=67=YXYmGeg68fPjuU2-QOne46eStjqotGcE0AZTiWmbRXT2klqJYDLayVduleh1HnEFN-CyfZSTsgJABBKwm3dAP3Cvxi8_yZRnIE5zQSYScyHMc03Tz-37Mu8vur3WU4yH
> Via: 1.1 localhost.localdomain (squid/3.3.2)
> X-Forwarded-For: 10.1.110.83
> Cache-Control: max-age=0
> Connection: keep-alive
<snip>
> also this in my squid access log
>
> 1372164328.471 0 10.1.110.83 TCP_MISS/403 4642 POST
> http://safebrowsing.clients.google.com/safebrowsing/downloads? -
> HIER_NONE/- text/html
> 1372164328.471 3 10.1.110.83 TCP_MISS/403 4725 POST
> http://safebrowsing.clients.google.com/safebrowsing/downloads? -
> HIER_DIRECT/10.1.110.83 text/html
<snip>
> what is the problem?

The DNS records for "safebrowsing.clients.google.com" (aka DIRECT) tell 
Squid that safebrowsing.clients.google.com is located at 10.1.110.83 ...

... take a guess.

Secondly. The whole purpose of having a hostname assigned to each 
machine is to allow automated systems like forwarding loop detection to 
determine the difference between any two hosts on the *entire* Internet. 
Combining the host name with the site domain name produces a FQDN which 
is unique. "localhost.localdomain" is in no way a unique name for your 
proxy.

Amos