squid 3.3.8 and ubuntu 15.04 server
2015-06-24 15:04 GMT+03:00 Yuri Voinov <yvoinov@xxxxxxxxx>:
Squid 3.5.x?
24.06.15 18:03, Dalmar wrote:
Hi,
For over two weeks I have been having a real headache configuring Squid transparent/intercept. I have tried different options and configurations but I couldn't get it to work. I think the problem lies in the iptables / NAT but I really couldn't solve it. I have tried different iptables rules including the intercept LinuxDnat - sysctl configuration, but it didn't work.
# your proxy IP
SQUIDIP=X.X.X.X
# your proxy listening port
SQUIDPORT=XXXX
iptables -t nat -A PREROUTING -s $SQUIDIP -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination $SQUIDIP:$SQUIDPORT
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -t mangle -A PREROUTING -p tcp --dport $SQUIDPORT -j DROP
I have to say that Squid works well when I configure it in the client browsers.
On the Mikrotik side, I am using DST-NAT chain, port 80, protocol TCP, action DST-NAT to address squidIP and port.
I am using Ubuntu Server 15.04 with Squid 3.3.8, and this is my configuration and the errors I get:
     ------ eth0 WAN <----- MAIN WAN Public IP Internet
MK---|------ eth1 LAN
     |------ eth2 Proxy

        ------ eth0 WAN ---> Public IP --> Internet --> gets internet from 24online / another Mikrotik
Squid---|------ eth1 Proxy
        |------ eth2 webmin --> For server Management
-error1: if no intercept/transparent and no iptables is configured
-Invalid URL - The requested url could not be retrieved
-but if proxy is configured in the user browser - it works!

-error2: if intercept and iptable DNAT is configured
-Access Denied and in the access log TCP-MISS/403
-no forward proxy port configured
-security alert : host header forgery detected on local= SquidIP:8080 remote:mikrotikIP (local ip does not match any domain name)
-warning : forwarding loop detected (x-Forwarded-for mikrotik lan IP)
squid.conf
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 8080
http_port 8181
cache_mem 2000 MB
cache_dir ufs /var/spool/squid3 100000 16 256
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
cache_effective_user proxy
cache_effective_group proxy
----------------------------------------
I am really confused, can anyone guide me please?
Thanks in advance
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users