[squid-users] squid intercept config
monahbaki at gmail.com
Sat Mar 7 13:52:18 UTC 2015
I forgot to paste my pf.conf
# rdr pass inet proto tcp from 10.0.0.9/32 to any port 80 -> 10.0.0.24 port
# nat on bge0 inet from any to port 80 -> bge0
rdr pass inet proto tcp from 10.0.0.23 to any port 80 -> 10.0.0.24 port 3129
# pass on bge0 inet proto tcp from bge0 to bge0 port 3128
# block in
pass in log quick on bge0
pass out log quick on bge0
pass out keep state
On Sat, Mar 7, 2015 at 8:24 AM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 8/03/2015 1:09 a.m., Monah Baki wrote:
> > Forgot to paste my test.
> > Basically from my squid server:
> > root at ISN-PHC-CACHE:/cache/squid/bin # ./squidclient -h www.cnn.com -H
> > 'Host: www.cnn.com\n' -p 80
> > HTTP/1.1 302 Found
> > Server: Varnish
> > Retry-After: 0
> > Content-Length: 0
> > Location: http://edition.cnn.com80
> Um, that redirect URL is invalid. This Varnish is outputting garbage.
> However, this test result does prove that output traffic from your Squid
> should be fine. The test connecting to your port 3128 should confirm
> that by getting the same or very similar result for normal traffic.
> So the problem is on the input. It could still be at the client end, or
> in the NAT redirection.
> One thing I've not seen clarified in the discussion is which machine the
> NAT rules have been placed (Squid box? or router?). Sorry if I missed that.
> The NAT operation MUST be done on the Squid box or the local machines
> NAT system tells it the client was connecting to connect to
> itself/Squid:3129 (which is the forwarding loop).
> The router looks liek a Cisco device, so it must do L2 routing
> redirection or WCCP to deliver packets to the Squid machine without
> having altered their IP:port details in any way.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the squid-users