[squid-users] Transparent proxy problem

From: Buddy Rich <[email protected]>
Date: Mon, 25 Feb 2002 08:21:05 +0100

I have rh 7.2. I have configured squid as a transparent proxy. I've added
the following rule to the firewall
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j
REDIRECT --to-port 3128
and restarting firewall.
Everything works perfectly exept my local web pages. When I'm trying to get
{http://clarkconnect.lan/} i have:

The following error was encountered:
Unable to determine IP address from host name for clarkconnect.lan
The dnsserver returned:
Name Error: The domain name does not exist.
This means that:
The cache was not able to resolve the hostname presented in the URL.
Check if the address is correct.

But when I'm trying http://192.168.1.1/ it works ok.

I configure squid not to cache local webpages.

My squid.conf
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 96 MB
store_avg_object_size 8 MB
cache_dir ufs /home/squid 2000 16 256
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl local_lan src 192.168.1.0/255.255.255.0
acl local_www dst 192.168.1.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access allow local_lan
http_access allow manager localhost
http_access deny manager
http_access allow local_www
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
icp_access allow all
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
always_direct allow local_www
log_fqdn on

Any ideas.
When I disable transparent proxy all works ok.
Sorry for my english.



--

Okresl Swoje potrzeby - my znajdziemy oferte za Ciebie!
[ http://oferty.onet.pl ]

Received on Mon Feb 25 2002 - 00:23:25 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:31 MST