Re: squid intercept config

[Monah Baki <monahbaki@xxxxxxxxx>]

I forgot to paste my pf.conf

# rdr pass inet proto tcp from 10.0.0.9/32 to any port 80 -> 10.0.0.24 port 3128
# nat on bge0 inet from any to port 80 -> bge0
rdr pass inet proto tcp from 10.0.0.23 to any port 80 -> 10.0.0.24 port 3129
# pass on bge0 inet proto tcp from bge0 to bge0 port 3128

# block in
pass in log quick on bge0
pass out log quick on bge0
pass out keep state

On Sat, Mar 7, 2015 at 8:24 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:

On 8/03/2015 1:09 a.m., Monah Baki wrote:
> Forgot to paste my test.
>
> Basically from my squid server:
> root@ISN-PHC-CACHE:/cache/squid/bin # ./squidclient -h www.cnn.com -H
> 'Host: www.cnn.com\n' -p 80
> HTTP/1.1 302 Found
> Server: Varnish
> Retry-After: 0
> Content-Length: 0
> Location: http://edition.cnn.com80

Um, that redirect URL is invalid. This Varnish is outputting garbage.


However, this test result does prove that output traffic from your Squid
should be fine. The test connecting to your port 3128 should confirm
that by getting the same or very similar result for normal traffic.


So the problem is on the input. It could still be at the client end, or
in the NAT redirection.

One thing I've not seen clarified in the discussion is which machine the
NAT rules have been placed (Squid box? or router?). Sorry if I missed that.
 The NAT operation MUST be done on the Squid box or the local machines
NAT system tells it the client was connecting to connect to
itself/Squid:3129 (which is the forwarding loop).

The router looks liek a Cisco device, so it must do L2 routing
redirection or WCCP to deliver packets to the Squid machine without
having altered their IP:port details in any way.

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users