Setup: VPN <--> SQUID (both in Amazon EC2 classic instances, not VPC)

1) SQUID works fine by itself when I tried it by configuring the browser (and before setting SQUID as a transparent proxy).
2) VPN (strongswan) works fine by itself as well.

Now I added a few iptables rules to route traffic to SQUID and back.

// used these guides (applied all rules from the first link, and the loopback rule from the second link, in the second box of the page):
http://www.linuxdocs.org/HOWTOs/mini/TransparentProxy-6.html
http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute

Behavior (iPhone connects to the VPN and browses the net; same behavior if connected directly to the proxy):

1) When I set intercept mode, I see the whole URL and I get access denied.

access.log:

    <VPN IP> TCP_MISS/403 4424 GET http://www.cnn.com/ - HIER_NONE/- text/html
    <VPN IP> TCP_MISS/403 4515 GET http://www.cnn.com/ - HIER_DIRECT/<SQUID IP> text/html

cache.log:

    Referer: http://www.cnn.com/
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en-us
    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_2 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A501 Safari/9537.53
    Via: 1.1 ip-<SQUID IP> (squid/3.3.9-20131010-r12634)
    Cache-Control: max-age=0
    Connection: keep-alive

2) When I set default mode (just the port, no intercept flag), I get "invalid URL". The hostname information is missing.

access.log:

    <VPN IP> NONE/400 3544 GET / - HIER_NONE/- text/html

cache.log: <empty>

// squid.conf

    forwarded_for transparent
    cache_effective_user proxy
    http_port 3130 intercept
    http_port 3128
    debug_options ALL,1
    forward_max_tries 25

I have no idea where the problem is. Thanks
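The two access.log patterns in the post (a 403 whose hierarchy entry points back at the proxy's own address, and a 400 for a bare `GET /`) are the usual first things to check when a transparent Squid setup misbehaves. The following is an added triage script, not code from the post or from the Squid project: it parses Squid's default native access.log layout (`timestamp elapsed client code/status bytes method url rfc931 hier/peer type`) and tags each line with what it indicates. The log lines, the client address and the proxy address are constructed placeholders, and the checks assume the proxy's own IP is known.

```python
"""Triage checks for Squid native access.log lines (added example).

Tags:
  LOOP          Squid forwarded the request to its own address, i.e. the
                REDIRECT rule also caught the proxy's outbound connections.
  RELATIVE_URL  the request line carried only a path, so the redirected
                traffic hit an http_port without the intercept flag and
                Squid could not rebuild an absolute URL.
  ACL_DENY      403 with no upstream attempt: denied by http_access.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed address of the Squid box itself (placeholder, RFC 5737 range).
PROXY_IP = "203.0.113.10"

# Constructed sample log, modelled on the two failure cases in the post plus
# one healthy request. Addresses and sizes are placeholders.
SAMPLE_LOG = (
    "1381000001.123    45 10.8.0.2 TCP_MISS/403 4424 GET http://www.cnn.com/ - HIER_NONE/- text/html\n"
    "1381000001.456    50 10.8.0.2 TCP_MISS/403 4515 GET http://www.cnn.com/ - HIER_DIRECT/203.0.113.10 text/html\n"
    "1381000002.001     3 10.8.0.2 NONE/400 3544 GET / - HIER_NONE/- text/html\n"
    "1381000003.500   120 10.8.0.2 TCP_MISS/200 51234 GET http://www.example.com/ - HIER_DIRECT/93.184.216.34 text/html\n"
)

# Native Squid log format: timestamp elapsed client code/status bytes method
# url rfc931 hierarchy/peer content-type. Only the fields needed for triage
# are captured.
LINE_RE = re.compile(
    r"^\d+\.\d+\s+\d+\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z0-9_]+)/(?P<status>\d{3})\s+\d+\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+\S+\s+"
    r"(?P<hier>[A-Z0-9_]+)/(?P<peer>\S+)\s+\S+\s*$"
)
ABSOLUTE_URL_RE = re.compile(r"^[a-zA-Z][a-zA-Z0-9+.-]*://")


@dataclass
class Entry:
    client: str
    result: str
    status: int
    method: str
    url: str
    hier: str
    peer: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one native-format line; return None for lines that do not fit."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return Entry(client=m["client"], result=m["result"], status=int(m["status"]),
                 method=m["method"], url=m["url"], hier=m["hier"], peer=m["peer"])


def diagnose(e: Entry, proxy_ip: str) -> Optional[dict]:
    """Map one parsed entry to a triage tag, or None if nothing stands out."""
    if e.peer == proxy_ip:
        return {"code": "LOOP", "client": e.client, "url": e.url,
                "detail": "forwarded to the proxy's own address; the REDIRECT rule "
                          "is catching Squid's outbound connections, so exclude the "
                          "proxy's own traffic (e.g. by owner UID) from redirection"}
    # CONNECT requests legitimately carry host:port rather than a scheme.
    if e.status == 400 and e.method != "CONNECT" and not ABSOLUTE_URL_RE.match(e.url):
        return {"code": "RELATIVE_URL", "client": e.client, "url": e.url,
                "detail": "request line has only a path; redirected traffic must "
                          "land on an http_port marked intercept"}
    if e.status == 403 and e.hier == "HIER_NONE":
        return {"code": "ACL_DENY", "client": e.client, "url": e.url,
                "detail": "denied by http_access before any upstream attempt; "
                          "check the ACLs covering this client range"}
    return None


def triage(log_text: str, proxy_ip: str) -> List[dict]:
    """Run diagnose() over every parseable line, keeping the line number."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        e = parse_line(line)
        if e is None:
            continue
        d = diagnose(e, proxy_ip)
        if d is not None:
            d["line"] = n
            findings.append(d)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, PROXY_IP):
        print(f"line {f['line']}: {f['code']} {f['client']} {f['url']} - {f['detail']}")
```

Run it against a real access.log by replacing `SAMPLE_LOG` with the file contents and `PROXY_IP` with the proxy's address; a `LOOP` tag on a line whose status is 403 matches the second access.log line quoted in the post, and a `RELATIVE_URL` tag matches the `GET /` line from the non-intercept run.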