[squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https)

Rafael Akchurin rafael.akchurin at diladele.com
Wed Feb 7 22:37:29 UTC 2018


That's strange.
How is your network configured? Your rules indicate you have 2 NICs but you later say you have one.

Best regards,
Rafael Akchurin

> On 7 Feb 2018, at 23:31, setuid <setuid at gmail.com> wrote:
> 
>> On 02/07/2018 04:38 PM, Rafael Akchurin wrote:
>> If you do not mind looking at other tutorials - these are what we have in the test lab.
> 
>> https://docs.diladele.com/tutorials/transparent_proxy_ubuntu/index.html
> 
> I can confirm that the instructions in this tutorial result in the same
> exact failure scenario as all previous attempts and tests (once I
> removed the unnecessary Apache/Web Safety bits).
> 
> Firewall rules are:
> 
> -A INPUT -i eth0 -p tcp -m tcp --dport 3126 -c 0 0 -j ACCEPT
> -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -c 0 0 -j ACCEPT
> -A FORWARD -i eth1 -o eth0 -c 0 0 -j ACCEPT
> 
> Squid config is generic, with the exception of:
> 
> http_port 3126 intercept
> 
> There is a single interface on the host, which resides on the LAN _and_
> is Internet-facing (eth0).
> 
> The result is that I get the same as before:
> 
> ==> /var/log/squid3/access.log <==
> 1518042565.613      0 192.168.1.1 TAG_NONE/400 3583 GET / - HIER_NONE/- text/html
> 
> If I point the client (curl, browser, perl + LWP) at the proxy directly
> on 3128, it works as expected.
> 
> I am firmly convinced that _transparent_ proxying with squid is 100%
> non-functional. The proxy works fine, but transparent proxying is
> demonstrably broken in anything later than 3.x.
> 

