[squid-users] squid intercept config
Monah Baki
monahbaki at gmail.com
Sat Mar 7 13:52:18 UTC 2015
I forgot to paste my pf.conf
# rdr pass inet proto tcp from 10.0.0.9/32 to any port 80 -> 10.0.0.24 port 3128
# nat on bge0 inet from any to port 80 -> bge0
rdr pass inet proto tcp from 10.0.0.23 to any port 80 -> 10.0.0.24 port 3129
# pass on bge0 inet proto tcp from bge0 to bge0 port 3128
# block in
pass in log quick on bge0
pass out log quick on bge0
pass out keep state
On Sat, Mar 7, 2015 at 8:24 AM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 8/03/2015 1:09 a.m., Monah Baki wrote:
> > Forgot to paste my test.
> >
> > Basically from my squid server:
> > root at ISN-PHC-CACHE:/cache/squid/bin # ./squidclient -h www.cnn.com -H
> > 'Host: www.cnn.com\n' -p 80
> > HTTP/1.1 302 Found
> > Server: Varnish
> > Retry-After: 0
> > Content-Length: 0
> > Location: http://edition.cnn.com80
>
> Um, that redirect URL is invalid. This Varnish is outputting garbage.
>
>
> However, this test result does prove that output traffic from your Squid
> should be fine. The test connecting to your port 3128 should confirm
> that by getting the same or very similar result for normal traffic.
>
>
> So the problem is on the input. It could still be at the client end, or
> in the NAT redirection.
>
> One thing I've not seen clarified in the discussion is which machine the
> NAT rules have been placed (Squid box? or router?). Sorry if I missed that.
> The NAT operation MUST be done on the Squid box or the local machine's
> NAT system tells it the client was connecting to
> itself/Squid:3129 (which is the forwarding loop).
>
> The router looks like a Cisco device, so it must do L2 routing
> redirection or WCCP to deliver packets to the Squid machine without
> having altered their IP:port details in any way.
>
> Amos
>
>
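
A check for the placement rule described in the quoted reply, as an added example that is not part of the original thread or of Squid itself. The squid.conf lines (`http_port 3129 intercept` is assumed), the router address 10.0.0.1 and the function names are assumptions; the pf rules are the ones posted above.

```python
import re

# The rdr form used in the pf.conf above:
#   rdr [pass] inet proto tcp from SRC to any port N -> ADDR port M
RDR_RE = re.compile(
    r"^rdr\s+(?:pass\s+)?(?:inet\s+)?proto\s+tcp\s+from\s+(?P<src>\S+)\s+"
    r"to\s+\S+\s+port\s+(?P<dport>\d+)\s+->\s+(?P<target>\S+)\s+port\s+(?P<tport>\d+)$"
)

def active_rdr_rules(pf_conf):
    """Parse uncommented rdr rules; comment lines and other rule types are skipped."""
    rules = []
    for raw in pf_conf.splitlines():
        m = RDR_RE.match(raw.split("#", 1)[0].strip())
        if m:
            rules.append({**m.groupdict(), "tport": int(m["tport"])})
    return rules

def intercept_ports(squid_conf):
    """Ports declared as 'http_port N intercept' in squid.conf."""
    ports = set()
    for line in squid_conf.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) >= 3 and f[0] == "http_port" and "intercept" in f[2:]:
            ports.add(int(f[1].rsplit(":", 1)[-1]))
    return ports

def check(pf_conf, squid_conf, pf_host_addrs):
    """Return (rule, problem) pairs for the machine that loads pf_conf."""
    findings = []
    ok_ports = intercept_ports(squid_conf)
    for r in active_rdr_rules(pf_conf):
        if r["target"] not in pf_host_addrs:
            # NAT happens before the packet reaches Squid, so Squid's own NAT
            # lookup reports the client was connecting to Squid (forwarding loop).
            findings.append((r, "rdr rewrites the destination on a different machine than Squid"))
        elif r["tport"] not in ok_ports:
            findings.append((r, "rdr target port is not an intercept http_port"))
    return findings

# pf rules as posted above; squid.conf lines and the router address are constructed.
PF_CONF = """\
# rdr pass inet proto tcp from 10.0.0.9/32 to any port 80 -> 10.0.0.24 port 3128
rdr pass inet proto tcp from 10.0.0.23 to any port 80 -> 10.0.0.24 port 3129
pass in log quick on bge0
"""
SQUID_CONF = "http_port 3128\nhttp_port 3129 intercept\n"

if __name__ == "__main__":
    for where, addrs in (("Squid box", {"127.0.0.1", "10.0.0.24"}), ("router", {"10.0.0.1"})):
        print(where, check(PF_CONF, SQUID_CONF, addrs))
```

Loaded on the Squid box the posted rule passes; the same rule loaded on a separate router is flagged, which is the case the reply asks about.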