[squid-users] Transparent Proxy

From: Edmund Turner <[email protected]>
Date: Tue, 30 Sep 2003 17:47:56 +0800

Hey everyone, got a problem I hope someone can help me with. I've
searched thru the FAQ and the mail archive but I can't get any answer. I
hope I'm not 'floggin a dead horse' here but I'm running out of
alternatives. I'm trying to run a transparent proxy on Red Hat Linux 9
(squid-2.5.STABLE3-1rh).

When I specified the proxy address and port in the web browser,
everything worked perfectly fine.

I then tried to reroute the web traffic from all my LAN users thru the
proxy transparently.
I'm using IPTABLES, so I invoke this below:

/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Port forwarding is definitely working:
echo "1" > /proc/sys/net/ipv4/ip_forward

So my problem is that I can't surf ANY web site if the traffic is
forwarded 'transparently' via the IPTABLES script to the Proxy, but if I
specify the proxy settings in the web browser, it works fine!

I tailed the logs and this is what I noticed:

tail -f /var/log/squid/access.log
1064914801.473 106 172.24.0.222 NONE/400 1437 GET / - NONE/- text/html

[root@morpheus root]# tail -f /var/log/squid/store.log
1064914866.230 RELEASE -1 FFFFFFFF 90C1F63D83A93356BC8F1285E0D0BE3D 400 1064914866 0 1064914866 text/html 1137/1369 GET /

[root@morpheus root]# tail -f /var/log/squid/cache.log
2003/09/30 17:14:54| 0 Objects expired.
2003/09/30 17:14:54| 0 Objects cancelled.
2003/09/30 17:14:54| 0 Duplicate URLs purged.
2003/09/30 17:14:54| 0 Swapfile clashes avoided.
2003/09/30 17:14:54| Took 0.3 seconds ( 35.8 objects/sec).
2003/09/30 17:14:54| Beginning Validation Procedure
2003/09/30 17:14:54| Completed Validation Procedure
2003/09/30 17:14:54| Validated 12 Entries
2003/09/30 17:14:54| store_swap_size = 96k
2003/09/30 17:14:55| storeLateRelease: released 0 objects

I'm very confused, I even used a packet sniffer and confirmed that the
packets are definitely going to the proxy. There are no port filters
blocking the proxy.

I hope someone can point me in the right direction.

Regards
edmund
Received on Tue Sep 30 2003 - 03:48:17 MDT
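
Added example, not part of the original post: a small parser for Squid's native access.log format that picks out entries like the one quoted above, where the request URL is a bare path (as it is for traffic redirected by the firewall rather than sent by a proxy-configured browser) and Squid answered 400 without contacting any server. The function names and the second sample line are constructed for illustration.

```python
import re
from typing import Iterable, List, NamedTuple, Optional

# Squid native access.log layout:
#   time elapsed client code/status bytes method URL ident hierarchy/peer type
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<ctype>\S+)\s*$"
)

class Entry(NamedTuple):
    ts: float
    client: str
    code: str      # Squid result code, e.g. TCP_MISS or NONE
    status: int    # HTTP status returned to the client
    method: str
    url: str
    hier: str      # how the request was forwarded, NONE if it never was

def parse_line(line: str) -> Optional[Entry]:
    """Parse one native-format line; return None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return Entry(float(m["ts"]), m["client"], m["code"], int(m["status"]),
                 m["method"], m["url"], m["hier"])

def rejected_path_only(lines: Iterable[str]) -> List[Entry]:
    """Entries with a path-only URL that Squid rejected with 400 itself."""
    hits = []
    for line in lines:
        e = parse_line(line)
        if e and e.status == 400 and e.hier == "NONE" and e.url.startswith("/"):
            hits.append(e)
    return hits

SAMPLE = [
    # Line from the post, with the e-mail line wrap rejoined.
    "1064914801.473 106 172.24.0.222 NONE/400 1437 GET / - NONE/- text/html",
    # Constructed line: a request carrying a full URL that was served.
    "1064914900.120 231 172.24.0.222 TCP_MISS/200 5120 GET "
    "http://www.example.com/ - DIRECT/192.0.2.10 text/html",
]

if __name__ == "__main__":
    for e in rejected_path_only(SAMPLE):
        print(f"{e.client} sent {e.method} {e.url} -> {e.code}/{e.status}")
```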