On 15/04/2015 10:21 p.m., Keyvan Hedayati wrote:
> Hi
> I'm having trouble setting a transparent proxy in our network.
> For testing I've asked our net admin to transparently forward all of my
> http traffic to squid port but when I try to open a page I get *Access
> Denied* error and a warning about Forwarding loop.
> As you can see in tcpdump squid sends request to its machine and not to
> outside and I've no idea why this happens.
> Can you help me about this? I feel like I'm missing something tiny here.
>
> Squid box: 172.16.1.5
> My box: 192.168.10.122
>
> Thanks
>
> -------------------- tcpdump -ntAi any port ! 22
> IP 192.168.10.122.59550 > 172.16.1.5.3128: Flags [S], seq 1494863721, win
> 29200, options [mss 1460,sackOK,TS val 5421406 ecr 0,nop,wscale 7], length 0

Where's the origin server IP?
 google.com:80 != 172.16.1.5:3128

If you are performing NAT on a machine other than the Squid box you are
guaranteed to get this type of forwarding loop.

One of these almost identical configs is the correct Squid box config
for you:
 <http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect>
 <http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat>

DNAT is best if you have static IPs in a high-performance situation,
REDIRECT if you have DHCP assigned / dynamic proxy IPs or are unsure what
the final machine IP will be (i.e. plug-n-play proxy device).

You also need the router changed to *route* the packets to the Squid
machine without NAT'ing them in any way. There may be other devices
along the packet path needing updates to handle the new route properly,
your sysadmin should know what to do about all that.

Amos
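The check Amos applies to the capture (does the SYN still carry the origin server's address, or has it already been rewritten to the proxy?) can be run over a whole `tcpdump -nt` capture taken on the Squid box. This is an added example, not part of the original thread: the proxy IP and port are the ones from the thread, while the function name, the verdict labels and the second and third sample lines are constructed for illustration.

```python
import re

# Matches "tcpdump -nt" TCP lines such as the one quoted in the thread:
#   IP 192.168.10.122.59550 > 172.16.1.5.3128: Flags [S], seq ...
PKT = re.compile(
    r"\bIP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)

def classify_syns(lines, proxy_ip, proxy_port):
    """Classify each initial SYN seen on the Squid box.

    tcpdump captures inbound packets before the local netfilter NAT rules
    run, so the destination it prints is what the upstream router delivered.
    """
    verdicts = []
    for line in lines:
        m = PKT.search(line)
        if not m or m.group(5) != "S":      # skip SYN-ACK ("S.") and data packets
            continue
        src, dst, dport = m.group(1), m.group(3), int(m.group(4))
        to_proxy = (dst, dport) == (proxy_ip, proxy_port)
        if src == proxy_ip and to_proxy:
            verdict = "loop"                # Squid connecting back to itself
        elif to_proxy:
            verdict = "nat-upstream"        # original destination already rewritten
        elif src == proxy_ip:
            verdict = "proxy-outbound"      # Squid fetching from an origin server
        else:
            verdict = "routed"              # origin IP intact; local NAT can intercept
        verdicts.append((src, f"{dst}:{dport}", verdict))
    return verdicts

# First line is from the thread's capture; the other two are constructed
# (203.0.113.10 is a documentation address standing in for an origin server).
SAMPLE = [
    "IP 192.168.10.122.59550 > 172.16.1.5.3128: Flags [S], seq 1494863721, win 29200, length 0",
    "IP 172.16.1.5.41000 > 172.16.1.5.3128: Flags [S], seq 1, win 43690, length 0",
    "IP 192.168.10.122.59560 > 203.0.113.10.80: Flags [S], seq 2, win 29200, length 0",
]

if __name__ == "__main__":
    for row in classify_syns(SAMPLE, "172.16.1.5", 3128):
        print(*row)
```

A `nat-upstream` verdict is only a fault on a port meant for interception; clients explicitly configured to use the proxy produce the same destination legitimately.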