Search squid archive

Transparent Proxy on OSX Yosemite

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I’m attempting to get a squid working as a transparent proxy on OSX Yosemite. Every attempt ended with a “Forward loop detected”. I initially started with the version from homebrew and moved to just compiling myself to see if I could figure out what was going on. Being new to both pf network and squid, it might be something that I have configured wrong. I configured pf similar to:

 

              nat on $ext_if proto {udp, tcp} from $int_if:network to any port domain -> ($ext_if)

              rdr pass on $int_if proto tcp from $int_if:network to any port {http, https} -> 127.0.0.1 port 3129

 

And my squid.conf for my testing is basically:

 

http_port 3128

http_port 3129 intercept

http_access allow all

 

I’m not sure if this is more appropriate on this mailing list or the developer mailing list (hoping it is just something I’m doing wrong). The squid that I’m using doesn’t have –with-nat-devpf enabled; it fails to compile with that option. I’m wondering if the getsockname() as per comment for PFIntercept (of the !_USE_NAT_DEVPF) in src/ip/Intercept.cc, on OSX is not returning the pre-rdr address and causing the forward loop.

 

As mentioned, the –with-nat-devpf fails to compile on OSX due to a missing header file. And from looking it sounds like the header is for the ioctl() on /dev/pf, which doesn’t seem to be public API on OSX. So I’m trying to determine if my issue is due to a misconfiguration – or is this portion of the code not working with OSX. I looked at the code for mitmproxy, and it seems like they require a sudoers entry to run “pfctl –s state” and parse the state. Would something like that need to be added to squid to support transparent proxy on OSX. I had started to put some code together like mitmproxy, but thought better check if I didn’t get something configured correctly.

 

Greg

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux