[squid-users] Squid Transparent Proxy with Coovachilli is not working

Amos Jeffries squid3 at treenet.co.nz
Sat Sep 14 10:09:10 UTC 2019

On 14/09/19 7:43 pm, sknz wrote:
> Hello Amos,
> Okay, ports are fixed from here and forwarded 80 to 3127 in iptables.
> http_port 3128 # for proxy client
> http_port 3127 intercept # for http intercept

This does not match the config suggested.

Can you please re-post the config used with the below captures.

> When a user tries to connect to an HTTP site,
> tcpdump -vv -ni eth1 port 80 >>>
> https://paste.grasehotspot.org/view/raw/f81a60e4
> tcpdump -vv -ni tun0 port 80 >>>
> https://paste.grasehotspot.org/view/raw/bb0a4bc1
> tcpdump -vv -ni eth0 port 80 >>>
> https://paste.grasehotspot.org/view/raw/563912fd
> ... and the user never sees any output in the browser window. It's not
> working somewhere in between tun0 <--> eth0. eth0 is WAN here.

The thing is - Squid, four layers of NAT, one more trip through the
Chilli portal engine, and two cycles through the firewall all sit in
that problem area. That is a LOT of complexity - figuring out what is
going on is difficult enough before you go changing the settings in
unexpected ways with every post to the mailing list.

What we are doing here is working through those carefully, checking what
the traffic is doing, until the exact problem point is found.

So far the traces show one trip through Chilli is working okay.

