Hello list,

I'm trying to do a simple intercept with Squid. Here is my setup:

I have a LAN with machines on 192.168.22.0/24. Their gateway is 192.168.22.10. On this machine, I have set the following iptables rule:

    iptables -t nat -A PREROUTING -i eth0.100 ! -d 192.168.0.0/16 -p tcp --dport 80 -j DNAT --to 192.168.55.3:3129

- eth0.100 because it's on a VLAN
- 192.168.55.3 being the Squid server, directly connected to the Internet, on a network my gateway has the routes for

On the Squid server (192.168.55.3), I have configured the following options in squid.conf:

- (default localnet ACLs were fine, as well as Safe_ports setting)
- tcp_outgoing_address 1.2.3.4 (the public address the server is attached to. There are several interfaces)
- http_port 3129 intercept
- http_access allow localnet
- http_access allow localhost
- http_access deny all

Now, if I issue a curl http://google.fr on a LAN machine (192.168.22.129), I get the Squid error page saying "Access Denied", and the Squid server log shows the following:

    1483434892.803 0 1.2.3.4 TCP_DENIED/403 4032 GET http://google.fr/ - HIER_NONE/- text/html
    1483434892.804 17 192.168.22.129 TCP_MISS/403 4146 GET http://google.fr/ - ORIGINAL_DST/192.168.55.3 text/html

"Normal" proxying works fine with this Squid setup (I also have a "http_port 3128" with no option, and explicitly setting the proxy address on the LAN hosts works fine).

Do you have an idea of what my mistakes are?

Thank you for your input!

Hoggins!
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
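A way to read the two access.log lines quoted in the post, as an added example that is not part of the original message: it parses Squid's native log format and pairs a request whose ORIGINAL_DST is one of the proxy's own addresses with the request that arrived from the proxy's own address at the same moment. The function names are hypothetical; the addresses (192.168.55.3 and the tcp_outgoing_address 1.2.3.4) and the log lines are taken from the post.

```python
import re

# Input: the two access.log lines quoted in the post, embedded so this runs offline.
SAMPLE_LOG = """\
1483434892.803 0 1.2.3.4 TCP_DENIED/403 4032 GET http://google.fr/ - HIER_NONE/- text/html
1483434892.804 17 192.168.22.129 TCP_MISS/403 4146 GET http://google.fr/ - ORIGINAL_DST/192.168.55.3 text/html
"""

# Native format: time elapsed client code/status bytes method URL ident hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<mime>\S+)$"
)

def parse(log_text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["ts"] = float(entry["ts"])
            entries.append(entry)
    return entries

def find_self_forwarding(entries, proxy_addrs, window=1.0):
    """Report requests the proxy forwarded to one of its own addresses,
    with any matching request that came back in from a proxy address."""
    findings = []
    for outer in entries:
        if outer["hier"] != "ORIGINAL_DST" or outer["peer"] not in proxy_addrs:
            continue
        inner = [e for e in entries
                 if e is not outer and e["client"] in proxy_addrs
                 and e["url"] == outer["url"] and e["method"] == outer["method"]
                 and abs(e["ts"] - outer["ts"]) <= window]
        findings.append({"client": outer["client"], "url": outer["url"],
                         "original_dst": outer["peer"],
                         "inner": [(e["client"], e["code"], e["status"]) for e in inner]})
    return findings

if __name__ == "__main__":
    # proxy_addrs: the Squid server's address and its tcp_outgoing_address from the post
    for finding in find_self_forwarding(parse(SAMPLE_LOG), {"192.168.55.3", "1.2.3.4"}):
        print(finding)
```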