On 13/06/2014 2:30 a.m., Antony Stone wrote: > On Thursday 12 June 2014 at 16:26:19, Дмитрий Шиленко wrote: > >> in /var/log/squid/cache.log i find: "kid1| WARNING: Forwarding loop >> detected for:" > > That was probably due to my suggestion of redirecting to 192.168.0.97 instead > of 127.0.0.1 > > You may as well put that back to what it was, and at least get rid of the new > problem :) You are probably right that that is because of the IP change in the rules. But actually in a good way. locahost and its IP 127.0.0.1 are a bit special in many ways. One of those ways is that NAT is not capable of setting the localhost address on a global scope packet, or a global IP on a lo interface packet. I've seen NAT fail silently when NATing to/from 127.0.0.1 incorrectly. The forwarding loop error message means the traffic has successfully entered and *exited* Squid at least once. > >> help me out guys =( > > Has anyone else got more experience than me of transparent interception, and > can see what might be the problem here? > I believe the NAT rule needs two changes: 1) use 192.168.0.97 in place of the 127.0.0.1 as earlier suggested. 2) prevent traffic *from* 192.168.0.97 being NATed - it is Squid's outbound traffic. Amos
