[squid-users] squid transparent proxy forward loop

Juan Carvajal B. juan at mediaarchitecture.org
Mon Oct 22 12:26:19 UTC 2018


Dear list,

I hope you can give me some hints for my current task.

I would like to achieve the following:

1. A user comes with their own device, for example a phone or tablet.
2. The user connects to our own WLAN network.
3. The user enters the address of our website.
4. The user can only access our website, which is hosted on a server *not
connected* to the internet.

We have the following setup:

Tablets / phones <---> WLAN router <---> server

Please note that there is *no* connection to the internet. The server is
connected to the "internet" port of the router.

The server runs Ubuntu and Apache.

I've been trying to achieve this with squid but I get a **warning of a
forwarding loop**. I do not know what I'm doing wrong.

I'm following this:
https://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect
https://wiki.squid-cache.org/SquidFaq/ReverseProxy

Here are my conf files:

****squid.conf****

    http_port 3128 intercept
    http_port 192.168.0.188:80 accel defaultsite=our.domain.org
    http_port 192.168.0.188:443 accel defaultsite=our.domain.org
    cache_peer 127.0.0.1 parent 80 0 no-query originserver name=myAccel
    acl our_sites dstdomain our.domain.org
    http_access allow our_sites
    cache_peer_access myAccel allow our_sites
    cache_peer_access myAccel deny all
    visible_hostname squid.proxy
    acl SSL_ports port 443
    acl CONNECT method CONNECT
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost manager
    http_access deny manager
    http_access allow localhost
    http_access allow all
    coredump_dir /var/spool/squid
    refresh_pattern ^ftp:        1440    20%    10080
    refresh_pattern ^gopher:    1440    0%    1440
    refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
    refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
    refresh_pattern .        0    20%    4320


****apache ports.conf****

    #With Squid
    Listen 127.0.0.1:80

    #Without Squid
    #Listen 80

    <IfModule ssl_module>
        Listen 443
    </IfModule>

    <IfModule mod_gnutls.c>
        Listen 443
    </IfModule>


****IPTABLES****

    # your proxy IP
    SQUIDIP=192.168.0.188
    # your proxy listening port
    SQUIDPORT=3128
    iptables -t nat -A PREROUTING -s $SQUIDIP -p tcp --dport 80 -j ACCEPT
    iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port $SQUIDPORT

apache: 2.4.18
squid: 3.5.12
ubuntu: 16.04

Thank you for your help!

*Juan Carlos Carvajal*

*Join our mailing list
<http://lists.mediaarchitecture.org/?p=subscribe&id=1> (Max 1-mail / month)*