I'm trying to redirect all of my subnet traffic to a transparent squid proxy using iptables on the router gateway (the squid proxy is located in the LAN). I can browse sites that are https but can't access http sites, the error that appears in the browser "ERR_EMPTY_RESPONSE" also I got this errors in the cache.log file: NF getsockopt(ORIGINAL_DST) failed on local=192.168.0.110:3129 NAT/TPROXY lookup failed to locate original IPs on local=192.168.0.110:3129 I'm using: Squid version:3.5.27 The iptables lines that we used for the redirection: 192.168.0.110:3129 - the squid box port+IP. 192.168.0.1 - the router's IP. iptables: iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.0.110:3129 iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.110 --dport 3129 -j SNAT --to-source 192.168.0.1 squid.conf These are the lines that we have changed/added to the squid.conf: acl localnet src 192.168.0.0/24 http_access allow localnet http_port 3128 http_port 3129 intercept -- Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
