[squid-users] squid unable to start on CentOS 6.5
Amos Jeffries
squid3 at treenet.co.nz
Tue Dec 23 00:31:55 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 23/12/2014 12:42 p.m., Eliezer Croitoru wrote:
> Well Derek,
>
> I must write something "I am amazed!!!" In Step 7 there is a little
> confusion. The "accel vhost allow-direct" options are not for
> transparent and\or interception proxy and I am unsure why it
> works.
It "works" because the traffic syntax for port 80 is accepted by both
intercept (transparent intercept-proxy) and accel (web server
reverse-proxy) modes. The "allow-direct" settings then converts the
reverse-proxy into a highly vulnerable Open Proxy. Plus firewall NAT
settings diverting all traffic (from both LAN and WAN!)
Derek, If you got to step 9 then *immediately* go to your firewall
setup and erase that line containing:
-i $ETHERNET_INTERNET -p tcp --dport 80 -j REDIRECT
It is completely needless on WAN interface and should never be used in
the form shown there. The tutorial Eliezer linked below contains all
you need for transparent interception.
> you should use something like: http_port 127.0.0.1:3128 http_port
> 13128 intercept
nod.
>
> Instead of what mentioned in the tutorial. I would try to use
> another tutorial or guide to install squid in transparent mode.
> Have you tried our wiki? I have found this for you:
> http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect
>
> Else then couple little mistakes(which I will gladly be open to
> help with) the tutorial looks very good.
>
> Try my suggestion and lets see if squid starts up or not.
>
> Eliezer
>
Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBAgAGBQJUmLf7AAoJELJo5wb/XPRjd8QIANnGYjuGGzJ1WPvV1oF6BZzO
4fxqnJOLDH/M4b6gB+vgRYIkMY1qZTCptC1eE66YvkKGgYYjZEGvbIxyZ3Ql9IEg
bvm2t3ouJxts4I576275XIj9Tvh7u77ObcD51vPFrOCzjt66UoNBnXlHE2Hm7jfz
WYTK/oa7AgdYxfsZPZuVLb6m9ClfIzdB+ta3vVBUkfgsgCPkPZdk3O6NRmhnzA56
sSlCOS43UfXwDsg6F/RwREs5/SruAYa2PTIwhLcHsPmKJiUToH9v/UnGRzGaKiwp
LsuktdGfkDYl4bsd8FVAwTzev1Lzs97+IokVUGogE20LxWT08DwZEMd7M2SvmtE=
=UfqC
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list