[squid-users] Squid versions and FreeBSD-10.1 headache
Yuri Voinov
yvoinov at gmail.com
Fri Jan 23 13:29:50 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This looks like not optimal solution, Henrik.
A long time ago, when I meet similar issue, I've draw request way on my
proxy host and find cycling configuration.
It was chain NAT->proxy->redirector->NAT->proxy
To break it I completely differentiate service ports. On my system NAT
not permit to have listening services under rdr rules.
23.01.2015 19:25, Henrik Lidström пишет:
>
>
> On 01/23/15 14:13, Odhiambo Washington wrote:
>>
>>
>> On 23 January 2015 at 15:47, Yuri Voinov <yvoinov at gmail.com
>> <mailto:yvoinov at gmail.com>> wrote:
>>
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Once more. You CANNOT have neither web-server nor other service with
>> listening port 80 on the same host as transparent Squid proxy. This
>> is one and only reason you have looping.
>>
>> Look. On my transparent 3.4.11 (which was early 2.7) IPFilter
>> redirects 80 port to proxy. My web server on the same host listens
>> only 8080, 8088 and 8888 ports. No one service except NAT is using
>> 80 port.
>>
>> And finally I have no looping 4 years.
>>
>> Obvious, is it?
>>
>>
>> Not so obvious.
>>
>> I have a several servers with Apache listening on 80,443 which don't
>> have this problem!
>> I can give you access to one of them to see for yourself if you need to
>> believe.
>>
>> Anyway, this still doesn't help me. After changing my apache to port
>> 8080 and firing up squid-3.5.1, I get access denied for all
>> requests: http://pastebin.com/1fMSE1U9
>>
>>
>>
>>
>> --
>> Best regards,
>> Odhiambo WASHINGTON,
>> Nairobi,KE
>> +254733744121/+254722743223
>> "I can't hear you -- I'm using the scrambler."
>>
>
> My workaround at home (since Squid changed it's intercept/transparent
> code a while back) is to rdr to a small squid server running on firewall
> machine, then cache_peer all traffic to my real squid machine.
>
> /Henrik
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBAgAGBQJUwkzOAAoJENNXIZxhPexGOMoH/1zSZC4n+KHC0Bpvf8mMhCNg
sOhxhmcVGCb3EwF9xNWZXYUib5u2kS8jOjYfmrC9XdUxx3Ba34xcb4IuME2RGw0K
ihayTF4eZ421B71CRF+Y7ZRUxDXjI+HIy4IyuD3KApg6qA5js8rKhZQ23dL/Ws14
RA2n5M1+8oNXbAFQS55HFvvYgyEuypistm4fjQy3cY5YBJ2z8faeAVEoQxv+smQf
IUMkqEHtBGORI4RBgZzZ2Q0SLSCc5s+wYdiOm1ARTYITVHZ7Vw1QsMRD5g2UP9H9
pDl4KnGCVCpL0U263W3N8HnVj91EqLJw6Ls4khHdQLiuifIGRMw7YBdyA1hX9JA=
=YaMn
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list