-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 24/01/2015 2:13 a.m., Odhiambo Washington wrote: > On 23 January 2015 at 15:47, Yuri Voinov <yvoinov@xxxxxxxxx> > wrote: > >> >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> Once more. You CANNOT have neither web-server nor other service >> with listening port 80 on the same host as transparent Squid >> proxy. This is one and only reason you have looping. >> >> Look. On my transparent 3.4.11 (which was early 2.7) IPFilter >> redirects 80 port to proxy. My web server on the same host >> listens only 8080, 8088 and 8888 ports. No one service except NAT >> is using 80 port. >> >> And finally I have no looping 4 years. >> >> Obvious, is it? >> >> > Not so obvious. > > I have a several servers with Apache listening on 80,443 which > don't have this problem! I can give you access to one of them to > see for yourself if you need to believe. > > Anyway, this still doesn't help me. After changing my apache to > port 8080 and firing up squid-3.5.1, I get access denied for all > requests: http://pastebin.com/1fMSE1U9 > Aha, here is the heart of problem: 2015/01/23 15:59:34.455| client_side.cc(2320) parseHttpRequest: HTTP Client local=127.0.0.1:13128 remote=192.168.2.165:54234 FD 14 flags=33 The local= value shows what the machine NAT system told Squid the original destination IP of the client connection was. Resulting in the to_localhost ACL denying the client access through the proxy. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUwkzOAAoJELJo5wb/XPRjQzwH/j4f+BBj90f6o08d1b+SvBNl WuzsF6xif4MJfDsjf8+GNV50i+cvkhB5XPjVOXxPJcr3oQTHoi73FOzNnSRMo7zD 5Wyl+mih/rPyb2F2UNRCroNIMLvbdvlFcAo4LcUYikeQDrjHkGj56IrjJEqoEAPg rXAGH8ON4r1hAnlB+V7dD5eXOUZcCZnaW3y97VzqVzKoe1XEbQniy9J02EmR831s UBYyROveCXY3jHpXpsX+7VR2aVDZ52qht/REfEtLZu1pc4Ksc0s/mp/Sx6rQKsE6 ++Zf0fpTw/nX97n3slHxBkZtUV4yEvcByE6+wgpx8CNqth3AxYJtIv23J/PD0qU= =sFTR -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
