On 24/01/2015 2:20 a.m., Odhiambo Washington wrote:
> On 23 January 2015 at 16:07, Amos Jeffries <squid3@xxxxxxxxxxxxx>
> wrote:
>
>> On 24/01/2015 1:47 a.m., Yuri Voinov wrote:
>>>
>>> Once more. You CANNOT have neither web-server nor other
>>> service with listening port 80 on the same host as transparent
>>> Squid proxy. This is one and only reason you have looping.
>>>
>>
>> That is not correct. It can be done, but depends on how the
>> firewall operates and what ruleset is used.
>>
>> One has to intercept traffic transiting the machine, but ignore
>> traffic destined *to* or *from* the local machines running
>> processes.
>>
>>> Look. On my transparent 3.4.11 (which was early 2.7) IPFilter
>>> redirects 80 port to proxy. My web server on the same host
>>> listens only 8080, 8088 and 8888 ports. No one service except
>>> NAT is using 80 port.
>>>
>>> And finally I have no looping 4 years.
>>>
>>> Obvious, is it?
>>>
>>
>> Maybe there was, maybe there wasn't.
>>
>> Squid-2.7 ignored a lot of NAT related errors and even silently
>> did some Very Bad Things(tm) - none of which Squid-3.2+ will
>> allow to happen anymore.
>>
>>
>> Odhiambo: I suspect it might be related to your use of "rdr"
>> firewall rules. In OpenBSD PF at least rdr rules do not work
>> properly and divert-to rules need to be used instead (divert-to
>> can be used for either TPROXY or NAT Squid listening ports on
>> BSD).
>>
>
>
> I am thinking Squid-3.2+ is evil :-)
>
> Anyway, my PF rules are here : http://pastebin.com/pKv1jN2v And my
> IPFilter rules are here: http://pastebin.com/JQ77X01H
>
> I need to figure out why squid is DENYing all access ..
>

Can you update me on what the squid -v output is from the Squid build
you are having issues with please?

Amos