<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal>I’m attempting to get a squid working as a transparent proxy on OSX Yosemite. Every attempt ended with a “Forward loop detected”. I initially started with the version from homebrew and moved to just compiling myself to see if I could figure out what was going on. Being new to both pf network and squid, it might be something that I have configured wrong. I configured pf similar to:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal> nat on $ext_if proto {udp, tcp} from $int_if:network to any port domain -> ($ext_if)<o:p></o:p></p><p class=MsoNormal> rdr pass on $int_if proto tcp from $int_if:network to any port {http, https} -> 127.0.0.1 port 3129<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>And my squid.conf for my testing is basically:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='text-indent:.5in'>http_port 3128<o:p></o:p></p><p class=MsoNormal style='text-indent:.5in'>http_port 3129 intercept<o:p></o:p></p><p class=MsoNormal style='text-indent:.5in'>http_access allow all<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I’m not sure if this is more appropriate on this mailing list or the developer mailing list (hoping it is just something I’m doing wrong). The squid that I’m using doesn’t have –with-nat-devpf enabled; it fails to compile with that option. I’m wondering if the getsockname() as per comment for PFIntercept (of the !_USE_NAT_DEVPF) in src/ip/Intercept.cc, on OSX is not returning the pre-rdr address and causing the forward loop.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>As mentioned, the –with-nat-devpf fails to compile on OSX due to a missing header file. And from looking it sounds like the header is for the ioctl() on /dev/pf, which doesn’t seem to be public API on OSX. So I’m trying to determine if my issue is due to a misconfiguration – or is this portion of the code not working with OSX. I looked at the code for mitmproxy, and it seems like they require a sudoers entry to run “pfctl –s state” and parse the state. Would something like that need to be added to squid to support transparent proxy on OSX. I had started to put some code together like mitmproxy, but thought better check if I didn’t get something configured correctly.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Greg<o:p></o:p></p></div></body></html>