[squid-users] Running squid on a machine with only one network interface.

Antony Stone Antony.Stone at squid.open.source.it
Mon Jun 27 20:57:26 UTC 2016

On Monday 27 June 2016 at 22:45:19, Ataro wrote:

> Hi there,
> I've set up a FreeBSD machine inside a VirtualBox machine and used IPFW to
> forward all the requests to the internet through a squid server running on
> the same machine in port 3128 in intercept mode.

Please show us your IPFW rules.

> The problem is that I get 403 http responses on every site I try to access
> to, even on the sites that I've explicitly allowed in the squid.conf file.

Maybe show us your squid.conf as well (without comments or blank lines).

> I also get a warning message on the tty that squid is running on (I've run
> squid in no daemon mode) which says: Warning: Forwarding loop detected
> for:.....

So, NAT is not working correctly...

> I guess that this error occurs since the squid server and the IPFW firewall
> are running on the same machine which have only one network interface.
> Am I right?

Not in the sense that "you can't do this with only one interface", no.

However, quite possibly in the sense that you haven't told IPFW how to 
distinguish between requests in from your clients, and requests out from your 
squid instance.

The former need to go to squid, the latter need to go to the Internet.

Give us a bit more information and we might be able to give you a bit more 


I don't know, maybe if we all waited then cosmic rays would write all our 
software for us. Of course it might take a while.

 - Ron Minnich, Los Alamos National Laboratory

                                                   Please reply to the list;
                                                         please *don't* CC me.

More information about the squid-users mailing list