
Re: transparent proxy on remote box issue


Hey,

I was wondering to myself:
Why do you intercept traffic using Amazon?
You should host your proxy close enough to have good response time which is ok if Amazon is close enough.

In order to perform your goal you will need to use the right interface rules in iptables.

What are you using on the client machine?
And also do you expect the squid box to use its own IP as a src or the client IP? If you have an example on the IP level I might be able to compose an example that should work for you.

Eliezer

On 10/23/2013 09:46 PM, WorkingMan wrote:
Setup: VPN <--> SQUID (both in Amazon EC2 classic instances, not VPC)

1) SQUID works fine by itself when I tried by configuring the browser (and
before setting SQUID as transparent proxy).
2) VPN (strongswan) works fine by itself as well.

Now I added a few iptables rules to route traffic to SQUID and back.

//used these guides (applied all rules from first link, and loop back rule
from second link, in the sec box of the page):

http://www.linuxdocs.org/HOWTOs/mini/TransparentProxy-6.html
http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute

Behavior (iPhone connects to VPN and browses the net; same behavior if
connected directly to proxy):
1) when I set in intercept mode, I see whole URL and I get access denied. In
access.log:
<VPN IP> TCP_MISS/403 4424 GET http://www.cnn.com/ - HIER_NONE/- text/html
<VPN IP> TCP_MISS/403 4515 GET http://www.cnn.com/ - HIER_DIRECT/<SQUID IP> text/html

cache.log:
Referer: http://www.cnn.com/
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_2 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A501 Safari/9537.53
Via: 1.1 ip-<SQUID IP> (squid/3.3.9-20131010-r12634)
Cache-Control: max-age=0
Connection: keep-alive


2) when I set to default mode (just port info), I get invalid URL. hostname
information is missing.
access.log - <VPN IP> NONE/400 3544 GET / - HIER_NONE/- text/html
cache.log - <empty>

//squid.conf
forwarded_for transparent
cache_effective_user proxy
http_port 3130 intercept
http_port 3128
debug_options ALL,1
forward_max_tries 25


I have no idea where the problem is.

Thanks





