On 2016-06-28 08:57, Antony Stone wrote:
On Monday 27 June 2016 at 22:45:19, Ataro wrote:
Hi there,
I've set up a FreeBSD machine inside a VirtualBox machine and used
IPFW to
forward all the requests to the internet through a squid server
running on
the same machine in port 3128 in intercept mode.
Please show us your IPFW rules.
The problem is that I get 403 http responses on every site I try to
access
to, even on the sites that I've explicitly allowed in the squid.conf
file.
Maybe show us your squid.conf as well (without comments or blank
lines).
I also get a warning message on the tty that squid is running on (I've
run
squid in no daemon mode) which says: Warning: Forwarding loop detected
for:.....
So, NAT is not working correctly...
I think that is the problem right there.
From the description given it sounds like the NAT rules are on the
'outer' machine. The requirement that NAT be performed on the same
machine as Squid applies to VM as much as to hardware. The NAT *must* be
performed on the VM where Squid is running, the outer machine must only
route packets - not port forward or NAT them to the VM.
I guess that this error occurs since the squid server and the IPFW
firewall
are running on the same machine which have only one network interface.
Am I right?
Not in the sense that "you can't do this with only one interface", no.
Nod. Squid does not know nor care about interfaces.
However, quite possibly in the sense that you haven't told IPFW how to
distinguish between requests in from your clients, and requests out
from your
squid instance.
The former need to go to squid, the latter need to go to the Internet.
Give us a bit more information and we might be able to give you a bit
more
help.
Antony.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
