[squid-users] squid-users Digest, Vol 31, Issue 61

christian brendan bosscb.chrisbren at gmail.com
Tue Mar 21 16:29:36 UTC 2017 

Thanks a lot for the information.
I will try this and give feedback.
Best Regards

On Tue, Mar 21, 2017 at 1:00 PM, <squid-users-request at lists.squid-cache.org>
wrote:

> Send squid-users mailing list submissions to
>         squid-users at lists.squid-cache.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.squid-cache.org/listinfo/squid-users
> or, via email, send a message with subject or body 'help' to
>         squid-users-request at lists.squid-cache.org
>
> You can reach the person managing the list at
>         squid-users-owner at lists.squid-cache.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of squid-users digest..."
>
>
> Today's Topics:
>
>    1. Re: Squid Transparent/intercept Issues (Antony Stone)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 21 Mar 2017 12:12:01 +0100
> From: Antony Stone <Antony.Stone at squid.open.source.it>
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] Squid Transparent/intercept Issues
> Message-ID: <201703211212.01346.Antony.Stone at squid.open.source.it>
> Content-Type: Text/Plain;  charset="utf-8"
>
> On Tuesday 21 March 2017 at 12:00:05, christian brendan wrote:
>
> > > Today's Topics:
> > >    1. Re: Squid Transparent/intercept Issues (Antony Stone)
> > >    2. Re: SMP and AUFS (Matus UHLAR - fantomas)
> > >    3. Re: SMP and AUFS (Alex Rousskov)
> > >    4. Re: squid workers question (Alex Rousskov)
> > >    5. Re: squid workers question (Matus UHLAR - fantomas)
> > >    6. Re: SSL Bump issues (Alex Rousskov)
> > >    7. blocking or allowing specific youtube videos (Sohan Wijetunga)
>
> Please edit your reply when responding to a digest email, deleting
> everything
> not specific to your question.
>
> > > Date: Mon, 20 Mar 2017 16:56:17 +0100
> > > From: Antony Stone
> > > To: squid-users at lists.squid-cache.org
> > > Subject: Re: [squid-users] Squid Transparent/intercept Issues
> > >
> > > On Monday 20 March 2017 at 16:26:40, christian brendan wrote:
> > > > Hello Everyone,
> > > >
> > > > Squid Cache: Version 3.5.20
> > > > OS: CentOS 7
> > > >
> > > > I have used squid for quite some times non transparently and it
> works,
> > > > problem kicks in when: http_port 3128 transparent is enabled.
> > > > Access denied error page shows up when transparent is enabled
> > > > ERRORThe requested URL could not be retrieved
> > >
> > > How are you getting the packets to the Squid server for interception?
> > >
> > > Is the Squid server in the default route between your clients and the
> > > Internet, or are you redirecting the packets to the Squid server
> somehow?
> > >
> > > Please give *details* of how you are intercepting and sending the
> packets
> > > to Squid (eg: iptables rules, and which machine/s the rules are running
> > > on).
> > >
> > >
> > > Antony.
>
> > ​@Antony.Stone
> > 1. ​I am using mikrotik routerboard to redirect traffic, with this rule:
> > dd action=dst-nat chain=dstnat comment="Redirect port 80 to SquidProxy"
> > dst-port=80 protocol=tcp \ src-address=10.24.7.100
> to-addresses=10.24.7.101
> > to-ports=3128
>
> Okay, so there's your problem, then.
>
> You must not use DSTNAT on a separate router to send packets to Squid for
> intercept.
>
> (This used to work in older versions of Squid, but does not work any more
> and
> is documented on the wiki, for example at
> http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat )
>
> Note the wording: "NOTE: This configuration is given for use on the squid
> box."
> That means the NAT rules *must* be running on the Squid box itself and not
> (in
> your case) on the Mikrotik router.
>
> > 3.​ It is not in default route, packets is been redirected.
>
> In that case you need to use policy routing to get the packets *unchanged*
> to
> the Squid box - see the above link, and also
> http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute
>
> > ​4. There is no iptable rules, firewall is disabled for this test.
>
> You have to have a REDIRECT rule on the machine running Squid to get it to
> see
> the packets (once they are no longer being DNATted).
>
> Please try to follow the guidelines at
> http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat and
> http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute
> and
> then come back to us with details of what you've tried, if there are still
> problems.
>
>
> Regards,
>
>
> Antony.
>
> --
> A user interface is like a joke.
> If you have to explain it, it didn't work.
>
>                                                    Please reply to the
> list;
>                                                          please *don't* CC
> me.
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>
> ------------------------------
>
> End of squid-users Digest, Vol 31, Issue 61
> *******************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170321/4bdb3abf/attachment-0001.html>

More information about the squid-users mailing list