Hello Richard,

The NATting needs to happen on the gateway – here is more info:
https://squidproxy.wordpress.com/2014/12/19/squid-3-2-mythbusting-nat/

Best regards,
Rafael

From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Richard

Hi,

This question has been asked many times before, but unfortunately the ones I checked did not seem to have a solution for me.

I am trying to set up squid as a transparent proxy, but I keep getting the error "Forwarding loop detected".

I have the following setup:

Client [172.24.30.11] <-> Router [172.24.30.253 && 172.24.10.253 ] <-> Squid Server [172.24.10.13]

The configuration for squid is as follows:

http_port 8080
http_port 3129 intercept
http_access allow all

The iptables rule on my router is as follows:

iptables -t nat -I PREROUTING -s 172.24.30.11 -p tcp --dport 80 -j DNAT --to 172.24.10.13:3129

Now when the client tries to download something I get the following logs:

---- access.log ----
1451303118.327 0 172.24.10.13 TCP_MISS/403 3751 GET http://74.125.136.94/ - HIER_NONE/- text/html
1451303118.327 0 172.24.30.11 TCP_MISS/403 3915 GET http://74.125.136.94/ - HIER_DIRECT/172.24.10.13 text/html

---- cache.log ----
2015/12/28 12:45:14 kid1| Starting Squid Cache version 3.3.8 for x86_64-redhat-linux-gnu...
2015/12/28 12:45:14 kid1| Process ID 776
2015/12/28 12:45:14 kid1| Process Roles: worker
2015/12/28 12:45:14 kid1| With 16384 file descriptors available
2015/12/28 12:45:14 kid1| Initializing IP Cache...
2015/12/28 12:45:14 kid1| DNS Socket created at [::], FD 7
2015/12/28 12:45:14 kid1| DNS Socket created at 0.0.0.0, FD 8
2015/12/28 12:45:14 kid1| Adding domain int-mgt.bitcube.nl from /etc/resolv.conf
2015/12/28 12:45:14 kid1| Adding domain int-prd.bitcube.nl from /etc/resolv.conf
2015/12/28 12:45:14 kid1| Adding domain dmz-prd.bitcube.nl from /etc/resolv.conf
2015/12/28 12:45:14 kid1| Adding nameserver 172.24.10.253 from /etc/resolv.conf
2015/12/28 12:45:14 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2015/12/28 12:45:14 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2015/12/28 12:45:14 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2015/12/28 12:45:14 kid1| Store logging disabled
2015/12/28 12:45:14 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2015/12/28 12:45:14 kid1| Target number of buckets: 1008
2015/12/28 12:45:14 kid1| Using 8192 Store buckets
2015/12/28 12:45:14 kid1| Max Mem size: 262144 KB
2015/12/28 12:45:14 kid1| Max Swap size: 0 KB
2015/12/28 12:45:14 kid1| Using Least Load store dir selection
2015/12/28 12:45:14 kid1| Current Directory is /
2015/12/28 12:45:14 kid1| Loaded Icons.
2015/12/28 12:45:14 kid1| HTCP Disabled.
2015/12/28 12:45:14 kid1| Squid plugin modules loaded: 0
2015/12/28 12:45:14 kid1| Adaptation support is off.
2015/12/28 12:45:14 kid1| Accepting HTTP Socket connections at local=[::]:8080 remote=[::] FD 11 flags=9
2015/12/28 12:45:14 kid1| Accepting NAT intercepted HTTP Socket connections at local=0.0.0.0:3129 remote=[::] FD 12 flags=41
2015/12/28 12:45:15 kid1| storeLateRelease: released 0 objects
2015/12/28 12:45:18 kid1| WARNING: Forwarding loop detected for:
GET / HTTP/1.1
User-Agent: curl/7.29.0
Host: 74.125.136.94
Accept: */*
Via: 1.1 srv-proxy01.xxxxxxxxxxxx (squid/3.3.8)
X-Forwarded-For: 172.24.30.11
Cache-Control: max-age=259200
Connection: keep-alive

If I configure the client to use a proxy (on port 8080) it all works fine.

I have a feeling I'm forgetting something simple :(

Hopefully someone can point me in the right direction?

Thanks!
Richard

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
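Added example, not part of either e-mail: the two access.log entries quoted above show the loop's signature, one request whose upstream peer is the proxy's own address and a matching request whose client is the proxy itself. The script below flags that pairing in native-format access.log lines; the function names and the operator-supplied set of proxy addresses are assumptions of this example.

```python
from typing import NamedTuple

class Entry(NamedTuple):
    ts: float
    client: str
    method: str
    url: str
    peer: str  # address after the '/' in the hierarchy field, '-' if none

def parse_line(line):
    """Parse one native-format access.log line; return None if malformed."""
    f = line.split()
    if len(f) < 10 or "/" not in f[8]:
        return None
    try:
        ts = float(f[0])
    except ValueError:
        return None
    return Entry(ts, f[2], f[5], f[6], f[8].partition("/")[2])

def find_loops(lines, proxy_ips, window=1.0):
    """Return (real_client, url, peer) for each request Squid sent to itself."""
    entries = [e for e in map(parse_line, lines) if e]
    # Inbound leg of a loop: the request arrives with Squid's own address as client.
    from_self = [e for e in entries if e.client in proxy_ips]
    findings = []
    for out in entries:
        # Outbound leg: Squid picked one of its own addresses as the origin server.
        if out.peer not in proxy_ips or out.client in proxy_ips:
            continue
        if any((i.method, i.url) == (out.method, out.url)
               and abs(i.ts - out.ts) <= window for i in from_self):
            findings.append((out.client, out.url, out.peer))
    return findings

# First two lines are the access.log entries quoted in the message above;
# the third is a constructed control line showing a correctly forwarded request.
SAMPLE = [
    "1451303118.327 0 172.24.10.13 TCP_MISS/403 3751 GET http://74.125.136.94/ - HIER_NONE/- text/html",
    "1451303118.327 0 172.24.30.11 TCP_MISS/403 3915 GET http://74.125.136.94/ - HIER_DIRECT/172.24.10.13 text/html",
    "1451303200.100 42 172.24.30.11 TCP_MISS/200 512 GET http://74.125.136.94/ - HIER_DIRECT/74.125.136.94 text/html",
]

if __name__ == "__main__":
    for client, url, peer in find_loops(SAMPLE, {"172.24.10.13"}):
        print(f"loop: {client} -> {url} was forwarded to the proxy itself ({peer})")
```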