Search squid archive

Re: Re: Three questions about Squid configuration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ok, I'll try to explain the scenario again and more detailed (I remark that I'm using this guide which states that it should work for public IP addresses: http://wiki.squid-cache.org/ConfigExamples/Intercept/AtSource):

Client side: Has public IP address A.B.C.D
Server side: Has public IP address E.F.G.H

On the client side, I added the following iptables rule:

iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination E.F.G.H:3128

On the server side, I just opened up the port 3128, this is the only one rule:

    iptables -I INPUT -s eth0 --dport 3128 -j ACCEPT

On the server side, there's a squid3 running with the default package configuration, just two lines changing (though the 3127 port has nothing to do with this example):

    http_port 3128 intercept
    http_port 0.0.0.0:3127

So, when I do a HTTP connection attempt on the client side, it is indeed successfully redirected to E.F.G.H but the loop occours with these two events in the log:

cache.log:

    2014/07/17 21:05:02| WARNING: Forwarding loop detected for:
    GET / HTTP/1.1
    Host: google.es
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
    Accept-Encoding: gzip, deflate
Cookie: PREF=ID=119a6e25e6eccb3b:U=95e37afd611b606e:FF=0:TM=1404500940:LM=1404513627:S=r7E-Xed2muOOp-ay; NID=67=M5geOtyDtp5evLidOfam1uzfhl6likehxjXo7KcamK8c5jXptfx9zJc-5L7jhvYvnfTvtXYJ3yza7cE8fRq2x0iyVEHN9Pn2hz9urrC_Qt_xNH6IQCoT-3-eXTwb2h4f; OGPC=5-25:
    Pragma: no-cache
    Via: 1.1 homeSecureProxy (squid/3.3.8)
    X-Forwarded-For: A.B.C.D
    Cache-Control: no-cache
    Connection: keep-alive

access.log:

1405623902.957 0 A.B.C.D TCP_MISS/403 4300 GET http://google.es/ - HIER_NONE/- text/html 1405623902.958 1 A.B.C.D TCP_MISS/403 4419 GET http://google.es/ - HIER_DIRECT/E.F.G.H text/html

I also tried using a VPN connection between both the client and the server, the result is exactly the same (just the public IPs change by the VPN's private, obviously).

I hope I explained it better now, hope someone can help because this is really driving me nuts :-(

Thanks.

El 17/07/2014 14:45, Eliezer Croitoru escribió:
On 07/17/2014 08:47 AM, Nicolás wrote:
Hi Eliezer,

This would be the output of your script. This is not CentOS so some
things have failed... and I just obscurated the public IP related data.
I tried adding the rule you proposed (as you may see in the output), but
unfortunately it made no difference, I'm still having the redirect loop.
I am yet not able to understand how do you use the proxy and how do you connect to it. The only way you can connect to your server is but I assume it will be a tunnel\vpn connection.

How do you want to use your proxy?
It will be much simpler to understand the circumstances to the loop rather then the loop itself (for me).

I think that we are missing something important in everything.
Can you just run "curl -I http://www.google.com"; from command line?
(and couple other addresses you are having issues with).

Eliezer





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux