Re: Transparent Proxy Configuration

On 2015-06-30 12:21 PM, Chris Greene wrote:
I’ve had Squid running on Ubuntu for a few weeks.  I’d configured the
proxy settings in the browsers.  Everything has been working well and
I've been pleased with the results.  But now I need to make this a
transparent proxy and I’m running into trouble & need some help.

I’ve got a Destination NAT rule set up on my router to forward TCP
port 80 traffic to my proxy.  And I removed proxy configuration
settings from the browsers.  After enabling this DNAT rule, I see
requests being logged to /var/log/squid3/access.log.

Results when navigating to http://www.google.com:
The following error was encountered while trying to retrieve the URL: /
  Invalid URL
Some aspect of the requested URL is incorrect.
Some possible problems are:
-Missing or incorrect access protocol (should be “http://” or similar)
-Missing hostname
-Illegal double-escape in the URL-Path
-Illegal character in hostname; underscores are not allowed.


Next, I added "intercept" to http_port like so:
  "http_port  192.166.2.55:3128  intercept"
Results: Access Denied.

My abbreviated /etc/squid3/squid.conf looks like this:
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_access allow all

I'm new to Squid/Ubuntu, so I likely overlooked something.  What am I
missing?  What troubleshooting step(s) should I take next?
-DG


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

What's your DNAT line? Assuming squid is on the box that you're running the DNAT line on...here's mine...redirect is all you need if the firewall/gateway is on the same box as squid:

$IPTABLES -t nat -A PREROUTING -i eth0 -s 192.168.1.96/28 -p tcp --dport 80 -j REDIRECT --to-port 3128

And parts of my squid.conf:

acl localnet src 192.168.1.0/24

acl Safe_ports port 80
acl Safe_ports port 443

acl CONNECT method CONNECT
acl allowed_http_sites url_regex "/opt/etc/squid/http_url.txt"

http_access deny !Safe_ports
http_access deny CONNECT !SSL_Ports

http_access allow SSL_ports
http_access allow localnet
http_access deny all

http_port 3128 intercept


James
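
How Squid walks an `http_access` list like the two posted in this thread, as an added example that is not part of either message: rules are checked in file order and the first matching line decides. The ACL definitions, the sample client addresses and the helper names (`parse`, `acl_matches`, `decide`) are assumptions, and only the `src`, `port` and `method` ACL types are modelled.

```python
import ipaddress

# Constructed squid.conf excerpts modelled on the two rule lists in this thread
# (manager rules left out; ACL definitions filled in as assumptions).
ACLS = """
acl localnet src 192.168.1.0/24
acl localhost src 127.0.0.1/32
acl Safe_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
"""
FIRST_POST = ACLS + "http_access allow localhost\nhttp_access allow all\n"
REPLY = ACLS + "http_access allow SSL_ports\nhttp_access allow localnet\nhttp_access deny all\n"

def parse(conf):
    """Return ({acl_name: (type, [values])}, [(action, [acl_refs])]) in file order."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, req):
    if name == "all":  # built-in ACL: every source address
        return True
    kind, values = acls[name]
    if kind == "src":
        addr = ipaddress.ip_address(req["src"])
        return any(addr in ipaddress.ip_network(v) for v in values)
    if kind == "port":  # exact ports only; ranges are not modelled
        return str(req["port"]) in values
    if kind == "method":
        return req["method"] in values
    raise ValueError("ACL type not modelled here: " + kind)

def decide(conf, req):
    """First matching http_access line wins; ACLs on one line are ANDed, '!' negates."""
    acls, rules = parse(conf)
    for action, refs in rules:
        if all(acl_matches(acls, r.lstrip("!"), req) != r.startswith("!") for r in refs):
            return action
    # No line matched: Squid applies the opposite of the last rule (deny if none).
    return "allow" if rules and rules[-1][0] == "deny" else "deny"
```

For a port 80 GET, the list ending in `allow all` admits both a client inside 192.168.1.0/24 and one outside it, while the list ending in `deny all` admits only the inside client. A line that names only a port ACL matches whatever the source address is, which `decide` shows when called with `port` set to 443.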



