[squid-users] Forwarding loop again
orientalsniper
oriental.sniper at gmail.com
Sun Oct 12 22:28:29 UTC 2014
Hello all, I'm having forwarding loops again, this time however it's
different. With Squid alone it works, however if I use it with
Dansguardian, I'm getting forwarding loops.
This is the most relevant message from the logs:
X-Forwarded-For: 10.1.0.3, 10.2.0.4
10.1.0.3 is the client requesting the website.
10.2.0.4 is an alias for the host. nginx is listening in this address.
And I don't know how 10.2.0.4 ended up there.
I have some aliases set in /etc/rc.conf, starting from 10.2.0.4 to
10.2.0.9, this is for nginx.
HTTP traffic are redirected with pfSense (10.0.0.1, 10.1.0.1), with a
FW rule using 10.2.0.2 (FreeBSD) as gateway.
Dansguardian is listening in 8081, Squid is listening in 3129.
This is my ipfw.rules:
cmd="ipfw -q add"
$cmd 01 allow tcp from any to 10.2.0.1{4-9}
$cmd 02 allow tcp from 10.2.0.1{4-9} to any
$cmd 03 allow tcp from 10.2.0.2 to any 80 out uid squid
$cmd 09 fwd 10.2.0.2,8081 tcp from 10.1.0.3 to any 80
$cmd 20 allow all from any to any (this is temporary)
Most relevant parts of squid.conf:
http_port 10.2.0.2:3129 intercept
follow_x_forwarded_for allow localnet
cache_effective_user squid
cache_effective_group squid
check_hostnames on
unique_hostname squid
Most relevant parts of dansguardian.conf:
filterip = 10.2.0.2
filterports = 8081
proxyip = 10.2.0.2
proxyport = 3129
daemonuser = 'dansguardian'
daemongroup = 'dansguardian'
More information about the squid-users
mailing list