[squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https)
setuid
setuid at gmail.com
Wed Feb 7 22:30:54 UTC 2018
On 02/07/2018 04:38 PM, Rafael Akchurin wrote:
> If you do not mind looking at other tutorials - these are what we have in the test lab.
> https://docs.diladele.com/tutorials/transparent_proxy_ubuntu/index.html
I can confirm that the instructions in this tutorial results in the same
exact failure scenario as all previous attempts and tests (once I
removed the unnecessary Apache/Web Safety bits).
Firewall rules are:
-A INPUT -i eth0 -p tcp -m tcp --dport 3126 -c 0 0 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -c 0 0 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -c 0 0 -j ACCEPT
Squid config is generic, with the exception of:
http_port 3126 intercept
There is a single interface on the host, which resides on the LAN _and_
is Internet-facing (eth0).
The result is that I get the same as before:
==> /var/log/squid3/access.log <==
1518042565.613 0 192.168.1.1 TAG_NONE/400 3583 GET / - HIER_NONE/-
text/html
If I point the client (curl, browser, perl + LWP) at the proxy directly
on 3128, it works as expected.
I am firmly convinved that _transparent_ proxying with squid, is 100%
non-functional. The proxy works fine, but transparent proxying is
demonstrably broken in anything later than 3.x.
More information about the squid-users
mailing list