[squid-users] Squid as a proxy (Forwarding loop detected)

Rafael Akchurin rafael.akchurin at diladele.com
Mon Dec 28 12:01:09 UTC 2015 

Hello Richard,

The NATting needs to happen on the gateway – here is more info https://squidproxy.wordpress.com/2014/12/19/squid-3-2-mythbusting-nat/

Best regards,
Rafael

From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Richard
Sent: Monday, December 28, 2015 12:51 PM
To: squid-users at lists.squid-cache.org
Subject: [squid-users] Squid as a proxy (Forwarding loop detected)

Hi,

This question has been asked many times before, but unfortunately the ones I checked did not seem to have a solution for me.

I am trying to setup squid as transparent proxy, but I keep getting the error Forwarding loop detected.

I have the following setup:
Client [172.24.30.11] <-> Router [172.24.30.253 && 172.24.10.253 ] <-> Squid Server [172.24.10.13]

The configuration for squid is as following:
http_port 8080
http_port 3129 intercept
http_access allow all

The iptables rule on my router is as follow:
iptables -t nat -I PREROUTING -s 172.24.30.11 -p tcp --dport 80 -j DNAT --to 172.24.10.13:3129<http://172.24.10.13:3129>

Now when the client tries to download something I get the following logs:
---- access.log ----
1451303118.327      0 172.24.10.13 TCP_MISS/403 3751 GET http://74.125.136.94/ - HIER_NONE/- text/html
1451303118.327      0 172.24.30.11 TCP_MISS/403 3915 GET http://74.125.136.94/ - HIER_DIRECT/172.24.10.13<http://172.24.10.13> text/html

---- cache.log ----
2015/12/28 12:45:14 kid1| Starting Squid Cache version 3.3.8 for x86_64-redhat-linux-gnu...
2015/12/28 12:45:14 kid1| Process ID 776
2015/12/28 12:45:14 kid1| Process Roles: worker
2015/12/28 12:45:14 kid1| With 16384 file descriptors available
2015/12/28 12:45:14 kid1| Initializing IP Cache...
2015/12/28 12:45:14 kid1| DNS Socket created at [::], FD 7
2015/12/28 12:45:14 kid1| DNS Socket created at 0.0.0.0, FD 8
2015/12/28 12:45:14 kid1| Adding domain int-mgt.bitcube.nl<http://int-mgt.bitcube.nl> from /etc/resolv.conf
2015/12/28 12:45:14 kid1| Adding domain int-prd.bitcube.nl<http://int-prd.bitcube.nl> from /etc/resolv.conf
2015/12/28 12:45:14 kid1| Adding domain dmz-prd.bitcube.nl<http://dmz-prd.bitcube.nl> from /etc/resolv.conf
2015/12/28 12:45:14 kid1| Adding nameserver 172.24.10.253 from /etc/resolv.conf
2015/12/28 12:45:14 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2015/12/28 12:45:14 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2015/12/28 12:45:14 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2015/12/28 12:45:14 kid1| Store logging disabled
2015/12/28 12:45:14 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2015/12/28 12:45:14 kid1| Target number of buckets: 1008
2015/12/28 12:45:14 kid1| Using 8192 Store buckets
2015/12/28 12:45:14 kid1| Max Mem  size: 262144 KB
2015/12/28 12:45:14 kid1| Max Swap size: 0 KB
2015/12/28 12:45:14 kid1| Using Least Load store dir selection
2015/12/28 12:45:14 kid1| Current Directory is /
2015/12/28 12:45:14 kid1| Loaded Icons.
2015/12/28 12:45:14 kid1| HTCP Disabled.
2015/12/28 12:45:14 kid1| Squid plugin modules loaded: 0
2015/12/28 12:45:14 kid1| Adaptation support is off.
2015/12/28 12:45:14 kid1| Accepting HTTP Socket connections at local=[::]:8080 remote=[::] FD 11 flags=9
2015/12/28 12:45:14 kid1| Accepting NAT intercepted HTTP Socket connections at local=0.0.0.0:3129<http://0.0.0.0:3129> remote=[::] FD 12 flags=41
2015/12/28 12:45:15 kid1| storeLateRelease: released 0 objects
2015/12/28 12:45:18 kid1| WARNING: Forwarding loop detected for:
GET / HTTP/1.1
User-Agent: curl/7.29.0
Host: 74.125.136.94
Accept: */*
Via: 1.1 srv-proxy01.xxxxxxxxxxxx (squid/3.3.8)
X-Forwarded-For: 172.24.30.11
Cache-Control: max-age=259200
Connection: keep-alive

If I configure the client to use a proxy (on port 8080) it all works fine.

I have a feeling i'm forgetting something simple :(
Hopefully someone can point me into the right direction?

Thanks !

Richard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151228/e0bbbad3/attachment.html>

More information about the squid-users mailing list