Re: NetfilterInterception: NF > getsockopt(SO_ORIGINAL_DST) errors

On 22/05/18 22:06, kAja Ziegler wrote:
> This is strange because I don't use any NAT iptables/netfilter rules on
> this server:
> 
> [root@...]# iptables -n -L -v -t nat
> Chain PREROUTING (policy ACCEPT 26964 packets, 1870K bytes)
>  pkts bytes target     prot opt in     out     source              
> destination
> 
> Chain POSTROUTING (policy ACCEPT 11013 packets, 817K bytes)
>  pkts bytes target     prot opt in     out     source              
> destination
> 
> Chain OUTPUT (policy ACCEPT 11015 packets, 817K bytes)
>  pkts bytes target     prot opt in     out     source              
> destination-

That lack of NAT rules would be why Squid cannot find any entries for
the traffic in the kernel's NAT state table.


> 
> 
> Only one weird thing I found in my Squid configuration - I had defined
> only one http_port (http_port 3128 intercept) and this port was used to
> access proxy via explicit definitions in systems or applications -
> without any REDIRECT or marking in iptables/netfilter rules

There is the problem. That "intercept" mode/flag means NAT intercepted
traffic is the only type you are going to receive there.

Explicit / forward proxy is the "normal" traffic case for proxies. A
port to receive that traffic is configured without any special mode
flag. Just:
  http_port 3128


Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
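
A check for the mismatch diagnosed in this thread, as an added example that is not part of the original message or of Squid: it lists `intercept` ports in a squid.conf that no REDIRECT/DNAT rule in `iptables-save` output delivers traffic to. The function names and the sample inputs are constructed for illustration, and the rule parsing assumes the `iptables-save` text format (nftables rulesets are not covered).

```python
import re

# Constructed sample inputs (not taken from the server in the thread).
SQUID_CONF = """\
http_port 3128 intercept   # reached only by explicitly configured clients
http_port 3129 intercept
http_port 8080
"""
IPTABLES_SAVE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3129
COMMIT
"""

def intercept_ports(conf):
    """Ports of http_port/https_port lines that carry the intercept flag."""
    ports = set()
    for line in conf.splitlines():
        tok = line.split('#', 1)[0].split()
        if (len(tok) >= 2 and tok[0] in ('http_port', 'https_port')
                and 'intercept' in tok[2:]):
            # Listening address may be "port", "ip:port" or "[v6]:port".
            ports.add(int(tok[1].rsplit(':', 1)[-1]))
    return ports

def nat_target_ports(rules):
    """Ports that REDIRECT or DNAT rules in the nat table send traffic to."""
    ports, in_nat = set(), False
    for line in rules.splitlines():
        if line.startswith('*'):
            in_nat = line.strip() == '*nat'
        elif in_nat and line.startswith('-A'):
            m = (re.search(r'-j REDIRECT\b.*--to-ports? (\d+)', line)
                 or re.search(r'-j DNAT\b.*--to-destination \S*:(\d+)', line))
            if m:
                ports.add(int(m.group(1)))
    return ports

def unfed_intercept_ports(conf, rules):
    """Intercept ports with no NAT rule behind them: the original-destination
    lookup will fail for every connection that arrives there."""
    return sorted(intercept_ports(conf) - nat_target_ports(rules))

if __name__ == '__main__':
    for port in unfed_intercept_ports(SQUID_CONF, IPTABLES_SAVE):
        print(f"http_port {port} intercept: no NAT rule redirects traffic here")
```

A port reported here should either lose the `intercept` flag, if clients connect to it explicitly, or gain a matching NAT rule.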