[squid-users] Running squid on a machine with only one network interface.

Amos Jeffries squid3 at treenet.co.nz
Tue Jun 28 02:26:14 UTC 2016

On 2016-06-28 08:57, Antony Stone wrote:
> On Monday 27 June 2016 at 22:45:19, Ataro wrote:
>> Hi there,
>> I've set up a FreeBSD machine inside a VirtualBox machine and used 
>> IPFW to
>> forward all the requests to the internet through a squid server 
>> running on
>> the same machine in port 3128 in intercept mode.
> Please show us your IPFW rules.
>> The problem is that I get 403 http responses on every site I try to 
>> access
>> to, even on the sites that I've explicitly allowed in the squid.conf 
>> file.
> Maybe show us your squid.conf as well (without comments or blank 
> lines).
>> I also get a warning message on the tty that squid is running on (I've 
>> run
>> squid in no daemon mode) which says: Warning: Forwarding loop detected
>> for:.....
> So, NAT is not working correctly...

I think that is the problem right there.

 From the description given it sounds like the NAT rules are on the 
'outer' machine. The requirement that NAT be performed on the same 
machine as Squid applies to VM as much as to hardware. The NAT *must* be 
performed on the VM where Squid is running, the outer machine must only 
route packets - not port forward or NAT them to the VM.

>> I guess that this error occurs since the squid server and the IPFW 
>> firewall
>> are running on the same machine which have only one network interface.
>> Am I right?
> Not in the sense that "you can't do this with only one interface", no.

Nod. Squid does not know nor care about interfaces.

> However, quite possibly in the sense that you haven't told IPFW how to
> distinguish between requests in from your clients, and requests out 
> from your
> squid instance.
> The former need to go to squid, the latter need to go to the Internet.
> Give us a bit more information and we might be able to give you a bit 
> more
> help.
> Antony.


More information about the squid-users mailing list