On 23 January 2015 at 16:29, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 24/01/2015 2:13 a.m., Odhiambo Washington wrote:
> On 23 January 2015 at 15:47, Yuri Voinov <yvoinov@xxxxxxxxx>
> wrote:
>
>>
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>
>> Once more. You CANNOT have neither web-server nor other service
>> with listening port 80 on the same host as transparent Squid
>> proxy. This is one and only reason you have looping.
>>
>> Look. On my transparent 3.4.11 (which was early 2.7) IPFilter
>> redirects 80 port to proxy. My web server on the same host
>> listens only 8080, 8088 and 8888 ports. No one service except NAT
>> is using 80 port.
>>
>> And finally I have no looping 4 years.
>>
>> Obvious, is it?
>>
>>
> Not so obvious.
>
> I have a several servers with Apache listening on 80,443 which
> don't have this problem! I can give you access to one of them to
> see for yourself if you need to believe.
>
> Anyway, this still doesn't help me. After changing my apache to
> port 8080 and firing up squid-3.5.1, I get access denied for all
> requests: http://pastebin.com/1fMSE1U9
>
Aha, here is the heart of problem:
2015/01/23 15:59:34.455| client_side.cc(2320) parseHttpRequest: HTTP
Client local=127.0.0.1:13128 remote=192.168.2.165:54234 FD 14 flags=33
The local= value shows what the machine NAT system told Squid the
original destination IP of the client connection was.
Resulting in the to_localhost ACL denying the client access through
the proxy.
So the simple solution would be to change what in my squid.conf - http://pastebin.com/L16cDmRp
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
"I can't hear you -- I'm using the scrambler."
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
"I can't hear you -- I'm using the scrambler."
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users