On 02/07/2018 04:38 PM, Rafael Akchurin wrote: > If you do not mind looking at other tutorials - these are what we have in the test lab. > https://docs.diladele.com/tutorials/transparent_proxy_ubuntu/index.html I can confirm that the instructions in this tutorial results in the same exact failure scenario as all previous attempts and tests (once I removed the unnecessary Apache/Web Safety bits). Firewall rules are: -A INPUT -i eth0 -p tcp -m tcp --dport 3126 -c 0 0 -j ACCEPT -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -c 0 0 -j ACCEPT -A FORWARD -i eth1 -o eth0 -c 0 0 -j ACCEPT Squid config is generic, with the exception of: http_port 3126 intercept There is a single interface on the host, which resides on the LAN _and_ is Internet-facing (eth0). The result is that I get the same as before: ==> /var/log/squid3/access.log <== 1518042565.613 0 192.168.1.1 TAG_NONE/400 3583 GET / - HIER_NONE/- text/html If I point the client (curl, browser, perl + LWP) at the proxy directly on 3128, it works as expected. I am firmly convinved that _transparent_ proxying with squid, is 100% non-functional. The proxy works fine, but transparent proxying is demonstrably broken in anything later than 3.x. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
