<div dir="ltr"><div>Sorry if this shows up twice on the mailing list...</div><div>I've set up a transparent proxy squid v3.5.22 on an x86_64 Arch Linux server.  The transparent proxy is working fine for web page caching but live video isn't getting through.  I thought it was a netfilter issue but bypassing the proxy fixes this issue.</div><div><br></div><div>acl localnet src <a href="http://10.20.0.0/16">10.20.0.0/16</a><span class="gmail-Apple-tab-span" style="white-space:pre">     </span># RFC1918 possible internal network</div><div>acl SSL_ports port 443<span class="gmail-Apple-tab-span" style="white-space:pre">              </span># https<br></div><div>acl Safe_ports port 80<span class="gmail-Apple-tab-span" style="white-space:pre">                </span># http</div><div>acl Safe_ports port 554<span class="gmail-Apple-tab-span" style="white-space:pre">  </span># rtsp</div><div>acl Safe_ports port 1935<span class="gmail-Apple-tab-span" style="white-space:pre"> </span># rtmp</div><div>acl Safe_ports port 21<span class="gmail-Apple-tab-span" style="white-space:pre">           </span># ftp</div><div>acl Safe_ports port 443<span class="gmail-Apple-tab-span" style="white-space:pre">   </span># https</div><div>acl Safe_ports port 1025-65535  # unregistered ports </div><div>acl CONNECT method CONNECT</div><div>http_access deny !Safe_ports<br></div><div>http_access deny CONNECT !SSL_ports</div><div>http_access allow localhost manager<br></div><div>http_access deny manager</div><div>http_access deny to_localhost</div><div>http_access allow localnet</div><div>http_access allow localhost</div><div>http_access deny all</div><div>visible_hostname <a href="http://server.ourhome.net">server.ourhome.net</a><br></div><div>http_port <a href="http://10.20.30.1:3128">10.20.30.1:3128</a> intercept disable-pmtu-discovery=transparent<br></div><div>http_port <a href="http://127.0.0.0:8181">127.0.0.0:8181</a></div><div>coredump_dir /var/cache/squid<br></div><div>refresh_pattern ^ftp:<span 
class="gmail-Apple-tab-span" style="white-space:pre">             </span>1440<span class="gmail-Apple-tab-span" style="white-space:pre">  </span>20%<span class="gmail-Apple-tab-span" style="white-space:pre">   </span>10080<br></div><div>refresh_pattern ^gopher:<span class="gmail-Apple-tab-span" style="white-space:pre">        </span>1440<span class="gmail-Apple-tab-span" style="white-space:pre">  </span>0%<span class="gmail-Apple-tab-span" style="white-space:pre">    </span>1440</div><div>refresh_pattern -i (/cgi-bin/|\?) 0<span class="gmail-Apple-tab-span" style="white-space:pre">        </span>0%<span class="gmail-Apple-tab-span" style="white-space:pre">    </span>0</div><div>refresh_pattern .<span class="gmail-Apple-tab-span" style="white-space:pre">             </span>0<span class="gmail-Apple-tab-span" style="white-space:pre">     </span>20%<span class="gmail-Apple-tab-span" style="white-space:pre">   </span>4320</div><div>#</div><div># Anonymous Proxy settings</div><div>include /etc/squid/extra/anonymous.conf</div><div>#</div><div># Virus scanning via C-ICAP</div><div>#</div><div>include /etc/squid/extra/c-icap.conf</div><div>#</div><div><br></div><div>By the process of elimination I've narrowed it down to the anonymous proxy settings...</div><div>anonymous.conf</div><div><br></div><div>forwarded_for off</div><div>request_header_access Allow allow all</div><div>request_header_access Authorization allow all</div><div>request_header_access WWW-Authenticate allow all</div><div>request_header_access Proxy-Authorization allow all</div><div>request_header_access Proxy-Authenticate allow all</div><div>request_header_access Cache-Control allow all</div><div>request_header_access Content-Encoding allow all</div><div>request_header_access Content-Length allow all</div><div>request_header_access Content-Type allow all</div><div>request_header_access Date allow all</div><div>request_header_access Expires allow all</div><div>request_header_access Host allow 
all</div><div>request_header_access If-Modified-Since allow all</div><div>request_header_access Last-Modified allow all</div><div>request_header_access Location allow all</div><div>request_header_access Pragma allow all</div><div>request_header_access Accept allow all</div><div>request_header_access Accept-Charset allow all</div><div>request_header_access Accept-Encoding allow all</div><div>request_header_access Accept-Language allow all</div><div>request_header_access Content-Language allow all</div><div>request_header_access Mime-Version allow all</div><div>request_header_access Retry-After allow all</div><div>request_header_access Title allow all</div><div>request_header_access Connection allow all</div><div>request_header_access Proxy-Connection allow all</div><div>request_header_access User-Agent allow all</div><div>request_header_access Cookie allow all</div><div>request_header_access All deny all</div><div><br></div><div>Could someone please tell me what request_header_access I need to allow, or how to further troubleshoot this configuration?</div><div><br></div></div>
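<div>An added troubleshooting example (not part of the original post and not Squid's own code): it parses the anonymous.conf rules quoted above and lists which headers of a request fall through to the final "All deny all" rule. It assumes a rule for a specific header name takes precedence over the All rule; SAMPLE_REQUEST is a constructed list to be replaced with the header names seen in a capture of the failing stream.</div>

```python
import re

# Header names allowed in the anonymous.conf quoted above, in the same order.
ALLOWED = (
    "Allow Authorization WWW-Authenticate Proxy-Authorization Proxy-Authenticate "
    "Cache-Control Content-Encoding Content-Length Content-Type Date Expires Host "
    "If-Modified-Since Last-Modified Location Pragma Accept Accept-Charset "
    "Accept-Encoding Accept-Language Content-Language Mime-Version Retry-After "
    "Title Connection Proxy-Connection User-Agent Cookie"
).split()
ANONYMOUS_CONF = "forwarded_for off\n" + "".join(
    f"request_header_access {h} allow all\n" for h in ALLOWED
) + "request_header_access All deny all\n"

RULE = re.compile(
    r"^\s*request_header_access\s+(\S+)\s+(allow|deny)\s+(.+?)\s*(?:#.*)?$")

def parse_rules(conf_text):
    """Return {lowercased header name: action}; the first rule per header wins.

    Simplification: only rules whose ACL is the built-in `all` are modelled,
    which is the only form used in the configuration above.
    """
    rules = {}
    for line in conf_text.splitlines():
        m = RULE.match(line)
        if m and m.group(3) == "all":
            rules.setdefault(m.group(1).lower(), m.group(2))
    return rules

def stripped_headers(rules, request_headers):
    """Names of request headers that would be removed before forwarding."""
    fallback = rules.get("all", "allow")  # no matching rule: header passes
    return [h for h in request_headers
            if rules.get(h.lower(), fallback) == "deny"]

# Constructed sample: headers a media player might send (not captured traffic).
SAMPLE_REQUEST = ["Host", "User-Agent", "Accept", "Range", "Referer", "Origin",
                  "Connection"]

if __name__ == "__main__":
    for name in stripped_headers(parse_rules(ANONYMOUS_CONF), SAMPLE_REQUEST):
        print("stripped by 'All deny all':", name)
```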