[squid-users] Squid versions and FreeBSD-10.1 headache

[Amos Jeffries]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 24/01/2015 2:13 a.m., Odhiambo Washington wrote:
> On 23 January 2015 at 15:47, Yuri Voinov <yvoinov at gmail.com>
> wrote:
> 
>> 
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>> 
>> Once more. You CANNOT have neither web-server nor other service
>> with listening port 80 on the same host as transparent Squid
>> proxy. This is one and only reason you have looping.
>> 
>> Look. On my transparent 3.4.11 (which was early 2.7) IPFilter
>> redirects 80 port to proxy. My web server on the same host
>> listens only 8080, 8088 and 8888 ports. No one service except NAT
>> is using 80 port.
>> 
>> And finally I have no looping 4 years.
>> 
>> Obvious, is it?
>> 
>> 
> Not so obvious.
> 
> I have a several servers with Apache listening on 80,443 which
> don't have this problem! I can give you access to one of them to
> see for yourself if you need to believe.
> 
> Anyway, this still doesn't help me. After changing my apache to
> port 8080 and firing up squid-3.5.1, I get access denied for all
> requests: http://pastebin.com/1fMSE1U9
> 


Aha, here is the heart of problem:

2015/01/23 15:59:34.455| client_side.cc(2320) parseHttpRequest: HTTP
Client local=127.0.0.1:13128 remote=192.168.2.165:54234 FD 14 flags=33


The local= value shows what the machine NAT system told Squid the
original destination IP of the client connection was.

Resulting in the to_localhost ACL denying the client access through
the proxy.


Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUwkzOAAoJELJo5wb/XPRjQzwH/j4f+BBj90f6o08d1b+SvBNl
WuzsF6xif4MJfDsjf8+GNV50i+cvkhB5XPjVOXxPJcr3oQTHoi73FOzNnSRMo7zD
5Wyl+mih/rPyb2F2UNRCroNIMLvbdvlFcAo4LcUYikeQDrjHkGj56IrjJEqoEAPg
rXAGH8ON4r1hAnlB+V7dD5eXOUZcCZnaW3y97VzqVzKoe1XEbQniy9J02EmR831s
UBYyROveCXY3jHpXpsX+7VR2aVDZ52qht/REfEtLZu1pc4Ksc0s/mp/Sx6rQKsE6
++Zf0fpTw/nX97n3slHxBkZtUV4yEvcByE6+wgpx8CNqth3AxYJtIv23J/PD0qU=
=sFTR
-----END PGP SIGNATURE-----