Hey Peter,
Lets start from 0 back again.
What OS is it?
What is the client IP address?
What is the machine IP address?
Is it using one interface or more?
What is the DNS and what is the GW for this machine?
Did you had the chance of looking at:
http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2
Which defines how a machine that works with a topology that works for
more then one system should be configures.
There is a detailed picture of it.
Take your time to relate to it.
If you will give me the list of details I will be able to test it on:
CentOS 6.5
Ubutnu 12.04 13.10 ++
Debian 6.X ++
Gentoo
Slackware
Mandriva
Fedora
Squid works also on FreeBSD but was not tested by me on OpenBSD.
Any level of interception should be understood a bit before implemented.
Eliezer
On 28/01/14 17:05, Peter Warasin wrote:
hi guys
On 01/28/2014 02:30 PM, Madhav V Diwan wrote:
Have you made certain that squid in the squid configuration file
( /etc/squid/squid.conf) is listening on port 80 ( the destination port
in your iptables rules)
port 80?
squid is listening on port 18080, where the tproxy rule "redirects" to:
http_port 0.0.0.0:8080
http_port 0.0.0.0:18080 tproxy
just tried to make it listen on port 80 (with no apache running there)
and changing the tproxy rule in order to redirect to port 80. then it
works. but i need port 80 for apache. also i need to redirct port 443 as
well later, when this works.
and have you checked tcpwrappers , or selinux?
sure. nothing enabled.
also it works when i remove the tproxy rule and use normal bridge
forwarding and it works also when i use squid directly on port 8080.
so squid config should be ok and uplink, routing, forwarding,
firewalling all should be ok.
seems really that the kernel actually finds the squid socket, assigns it
to the packet, but the listening process does not get it, either squid
nor tproxy_example tool.
i was thinking maybe glibc is to old, but i guess IP_TRANSPARENT is only
a kernel headers thing and there was no change in glibc for it, right?
peter
