Hello, I am having trouble with my squid setup. Here is exactly what I am trying to do: I am setting up a VPN server and I want all VPN traffic to be transparently proxied by squid with ssl bumping enabled. Right now when I try to do this I get an access denied page from the client. Here are lines from my squid.conf: ================================================= acl localnet src 192.168.1.0/24 # local network acl localnet src 192.168.3.0/24 # vpn network http_access allow localnet http_access allow localhost http_access deny all http_port 192.168.1.145:3127 intercept http_port 192.168.1.145:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/etc/squid3/ssl/private.pem cert=/etc/squid3/ssl/public.pem always_direct allow all ssl_bump allow all sslproxy_cert_error allow all sslproxy_flags DONT_VERIFY_PEER sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB sslcrtd_children 5 ================================================= Here are my iptables rules: ================================================= sysctl -w net.ipv4.ip_forward=1 iptables -F iptables -t nat -F # transparent proxy for vpn iptables -t nat -A PREROUTING -i ppp+ -p tcp --dport 80 -j DNAT --to-destination 192.168.1.145:3127 iptables -t nat -A PREROUTING -i ppp+ -p tcp --dport 443 -j DNAT --to-destination 192.168.1.145:3128 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables --table nat --append POSTROUTING --out-interface ppp+ -j MASQUERADE iptables -I INPUT -s 192.168.3.0/24 -i ppp+ -j ACCEPT iptables --append FORWARD --in-interface eth0 -j ACCEPT ================================================= When I connect to VPN and try to browse the web I get the following error in /etc/squid3/cache.log on the vpn server: 2014/08/12 21:21:02 kid1| ERROR: No forward-proxy ports configured. 2014/08/12 21:21:02 kid1| WARNING: Forwarding loop detected for: GET /Artwork/SN.png HTTP/1.1 Host: www.squid-cache.org User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://www.google.com/ Via: 1.1 localhost (squid/3.2.11) X-Forwarded-For: 127.0.0.1 Cache-Control: max-age=259200 Connection: keep-alive 2014/08/12 21:21:02 kid1| ERROR: No forward-proxy ports configured. I am wondering about this erro "No forward-proxy ports configured." What do I need to change about my squid.conf that would allow me to do transparent proxying? Thanks in advance. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/HTTP-HTTPS-transparent-proxy-doesn-t-work-tp4667193.html Sent from the Squid - Users mailing list archive at Nabble.com.
