[squid-users] Transparent Proxy on OSX Yosemite

Shively, Gregory gregory_shively at fanniemae.com
Tue Aug 30 23:19:10 UTC 2016


I'm attempting to get squid working as a transparent proxy on OSX Yosemite. Every attempt ended with a "Forward loop detected". I initially started with the version from homebrew and moved to just compiling it myself to see if I could figure out what was going on. Being new to both pf network and squid, it might be something that I have configured wrong. I configured pf similar to:

    nat on $ext_if proto {udp, tcp} from $int_if:network to any port domain -> ($ext_if)
    rdr pass on $int_if proto tcp from $int_if:network to any port {http, https} -> 127.0.0.1 port 3129

And my squid.conf for my testing is basically:

http_port 3128
http_port 3129 intercept
http_access allow all

I'm not sure if this is more appropriate on this mailing list or the developer mailing list (hoping it is just something I'm doing wrong). The squid that I'm using doesn't have --with-nat-devpf enabled; it fails to compile with that option. I'm wondering if the getsockname(), as per the comment for PFIntercept (of the !_USE_NAT_DEVPF) in src/ip/Intercept.cc, on OSX is not returning the pre-rdr address and causing the forward loop.

As mentioned, the --with-nat-devpf fails to compile on OSX due to a missing header file. And from looking, it sounds like the header is for the ioctl() on /dev/pf, which doesn't seem to be public API on OSX. So I'm trying to determine if my issue is due to a misconfiguration - or is this portion of the code not working with OSX. I looked at the code for mitmproxy, and it seems like they require a sudoers entry to run "pfctl -s state" and parse the state. Would something like that need to be added to squid to support transparent proxy on OSX? I had started to put some code together like mitmproxy, but thought I had better check whether I didn't get something configured correctly.

Greg
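
The state-table lookup mentioned in the message, sketched as an added example that is not part of the original post and is neither squid's nor mitmproxy's code. It assumes `pfctl -s state` prints lines of the form `ALL tcp src:port -> dst:port STATE` (IPv4 only); the sample text and the names `original_dst`, `split_endpoint` and `PROXY_LISTENERS` are constructed for illustration. It matches the client endpoint exactly and refuses a destination that is the proxy's own listener, the condition the post suspects behind the forward loop.

```python
import ipaddress

# Constructed sample of `pfctl -s state` output; the six-field layout
# (iface, proto, src, "->", dst, state) is an assumption of this example.
SAMPLE_STATE = """\
ALL tcp 192.168.2.10:51234 -> 192.0.2.80:80       ESTABLISHED:ESTABLISHED
ALL tcp 192.168.2.10:5123 -> 198.51.100.7:443       ESTABLISHED:ESTABLISHED
ALL tcp 192.168.2.11:40000 -> 203.0.113.9:80       FIN_WAIT_2:FIN_WAIT_2
ALL tcp 192.168.2.12:40001 -> 127.0.0.1:3129       ESTABLISHED:ESTABLISHED
ALL udp 192.168.2.10:53000 -> 192.0.2.53:53       MULTIPLE:SINGLE
"""

# The two http_port lines from the squid.conf in the post.
PROXY_LISTENERS = {("127.0.0.1", 3128), ("127.0.0.1", 3129)}


def split_endpoint(token):
    """Split 'a.b.c.d:port' into (ip, port); raise ValueError if malformed."""
    host, _, port = token.rpartition(":")
    ip = str(ipaddress.IPv4Address(host))  # AddressValueError is a ValueError
    port = int(port)
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    return ip, port


def original_dst(state_text, client_ip, client_port):
    """Return the pre-rdr (ip, port) for an intercepted client socket, or None."""
    for line in state_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[1] != "tcp" or fields[3] != "->":
            continue
        if fields[5] != "ESTABLISHED:ESTABLISHED":
            continue
        try:
            src, dst = split_endpoint(fields[2]), split_endpoint(fields[4])
        except ValueError:
            continue
        # Compare parsed endpoints: a substring test would let port 5123
        # match the state entry for port 51234.
        if src != (client_ip, client_port):
            continue
        # A destination equal to our own listener means the pre-rdr address
        # was not recovered; forwarding to it would loop back into the proxy.
        if dst in PROXY_LISTENERS:
            return None
        return dst
    return None
```
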