On 14/09/19 7:43 pm, sknz wrote: > Hello Amos, > Okay, ports are fixed from here and forwarded 80 to 3127 in iptables. > > http_port 3128 # for proxy client > http_port 3127 intercept # for http intercept > This does not match the config suggested. Can you please re-post the config used with the below captures. > > When a user tries to connect an HTTP site, > > tcpdump -vv -ni eth1 port 80 >>> > https://paste.grasehotspot.org/view/raw/f81a60e4 > > tcpdump -vv -ni tun0 port 80 >>> > https://paste.grasehotspot.org/view/raw/bb0a4bc1 > > tcpdump -vv -ni eth0 port 80 >>> > https://paste.grasehotspot.org/view/raw/563912fd > > ... and the user never sees any output in the browser window. It's not > working somewhere in between tun0 <--> eth0. eth0 is WAN here. The thing is - Squid, four layers of NAT, one more trip through the Chilli portal engine, and two cycles through the firewall all sit in that problem area. That is a LOT of complexity - figuring out what is going on is difficult enough before you go changing the settings in unexpected ways with every post to the mailing list. What we are doing here is working through those carefully checking what the traffic is doing until the exact problem point is found. So far the traces show one trip through Chilli is working okay. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
