[squid-users] transparent proxy original_dst err

jaykbvt jaykbvt at gmail.com
Tue Apr 21 10:44:04 UTC 2015


Hi,
My squid is configured in interception mode with 

http_port 3130
http_port 3129 intercept

squid is running with single network card. request comes from the Cisco ISG
and internet is also allowed from the same Cisco ISG only.

IPtables has been configured with following 
squidip = 10.58.200.33
squid port = 3129
====================
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to
10.58.200.33:3129
====================

Have also tried setting up config suggested at squid docs

DNAT - http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat
Redirect -
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect


But in all three setup I am getting 

I'm getting following entries in my access.log file...

==========================================================
1429610951.208    309 10.210.83.249 TCP_MISS/503 3808 GET
http://www.wikipedia.org/ - ORIGINAL_DST/10.58.200.33 text/html
1429611003.025      5 10.210.83.249 TCP_MISS/503 3808 GET
http://www.wikipedia.org/ - ORIGINAL_DST/10.58.200.33 text/html
1429611620.888    306 10.210.83.249 TCP_MISS/503 3808 GET
http://www.wikipedia.org/ - ORIGINAL_DST/10.58.200.33 text/html
1429611625.952      4 10.210.83.249 TCP_MISS/503 3808 GET
http://www.wikipedia.org/ - ORIGINAL_DST/10.58.200.33 text/html
==========================================================

Given bellow are entries in cache.log

+++++++++++++++++++++++++++++++++++
2015/04/21 15:50:20.576 kid1| client_side.cc(3412) httpAccept:
local=10.58.200.33:80 remote=10.210.83.249:3375 FD 10 flags=33: accepted
2015/04/21 15:50:20.576 kid1| client_side.cc(258) readSomeData:
local=10.58.200.33:80 remote=10.210.83.249:3375 FD 10 flags=33: reading
request...
2015/04/21 15:50:20.581 kid1| client_side.cc(2322) parseHttpRequest:
parseHttpRequest: req_hdr = {Host: www.wikipedia.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:35.0) Gecko/20100101
Firefox/35.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

}
2015/04/21 15:50:20.581 kid1| client_side.cc(2326) parseHttpRequest:
parseHttpRequest: end = {
}
2015/04/21 15:50:20.581 kid1| client_side.cc(2330) parseHttpRequest:
parseHttpRequest: prefix_sz = 284, req_line_sz = 16
2015/04/21 15:50:20.582 kid1| client_side.cc(925) clientSetKeepaliveFlag:
clientSetKeepaliveFlag: http_ver = 1.1
2015/04/21 15:50:20.582 kid1| client_side.cc(927) clientSetKeepaliveFlag:
clientSetKeepaliveFlag: method = GET
2015/04/21 15:50:20.582 kid1| client_side_request.cc(1691) doCallouts: Doing
calloutContext->hostHeaderVerify()
2015/04/21 15:50:20.583 kid1| client_side.cc(258) readSomeData:
local=10.58.200.33:80 remote=10.210.83.249:3375 FD 10 flags=33: reading
request...
2015/04/21 15:50:20.884 kid1| client_side_request.cc(1698) doCallouts: Doing
calloutContext->clientAccessCheck()
2015/04/21 15:50:20.884 kid1| AccessCheck.cc(32) Start: adaptation off,
skipping
2015/04/21 15:50:20.884 kid1| client_side_request.cc(1727) doCallouts: Doing
calloutContext->clientAccessCheck2()
2015/04/21 15:50:20.884 kid1| client_side_request.cc(1746) doCallouts: Doing
clientInterpretRequestHeaders()
2015/04/21 15:50:20.885 kid1| client_side_request.cc(1835) doCallouts:
calling processRequest()
2015/04/21 15:50:20.888 kid1| client_side.cc(1626) keepaliveNextRequest:
ConnnStateData(local=10.58.200.33:80 remote=10.210.83.249:3375 FD 10
flags=33), Context(local=10.58.200.33:80 remote=10.210.83.249:3375 FD 10
flags=33)
2015/04/21 15:50:20.888 kid1| client_side_request.cc(265)
~ClientHttpRequest: httpRequestFree: http://www.wikipedia.org/
2015/04/21 15:50:20.888 kid1| client_side.cc(1696) keepaliveNextRequest:
local=10.58.200.33:80 remote=10.210.83.249:3375 FD 10 flags=33: calling
conn->readNextRequest()
2015/04/21 15:50:23.401 kid1| client_side.cc(2492) connFinishedWithConn:
local=10.58.200.33:80 remote=10.210.83.249:3375 FD 10 flags=33 closed
2015/04/21 15:50:23.401 kid1| client_side.cc(864) swanSong:
local=10.58.200.33:80 remote=10.210.83.249:3375 flags=33
2015/04/21 15:50:23.401 kid1| client_side.cc(4644) unpinConnection: 
2015/04/21 15:50:23.402 kid1| client_side.cc(895) ~ConnStateData:
local=10.58.200.33:80 remote=10.210.83.249:3375 flags=33
2015/04/21 15:50:25.945 kid1| client_side.cc(3412) httpAccept:
local=10.58.200.33:80 remote=10.210.83.249:3378 FD 10 flags=33: accepted
2015/04/21 15:50:25.946 kid1| client_side.cc(258) readSomeData:
local=10.58.200.33:80 remote=10.210.83.249:3378 FD 10 flags=33: reading
request...
2015/04/21 15:50:25.947 kid1| client_side.cc(2322) parseHttpRequest:
parseHttpRequest: req_hdr = {Host: www.wikipedia.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:35.0) Gecko/20100101
Firefox/35.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

+++++++++++++++++++++++++++++++++++





any idea how to resolve this.

Thanks & Regards,
Jaykbvt




--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/transparent-proxy-original-dst-err-tp4670846.html
Sent from the Squid - Users mailing list archive at Nabble.com.


More information about the squid-users mailing list