[squid-users] Fwd: squid intercept config

Yuri Voinov yvoinov at gmail.com
Fri Mar 6 13:44:38 UTC 2015 

Ok.

In this case this is NAT misconfiguration.

You need to check it carefully.

06.03.15 19:43, Monah Baki пишет:
> No other process on 80 is on the server. I also confirmed from the 
> client side if he runs "telnet www.openbsd.org 
> <http://www.openbsd.org> 80" on his desktop, he gets a response.
>
> Thanks
>
> On Fri, Mar 6, 2015 at 8:28 AM, Yuri Voinov <yvoinov at gmail.com 
> <mailto:yvoinov at gmail.com>> wrote:
>
>     Did you have another listening process on 80 port on your proxy box?
>
>     I.e., web-server?
>
>     06.03.15 19:26, Monah Baki пишет:
>>     I went and changed the 10.0.0.0/8 <http://10.0.0.0/8> to
>>     10.0.0.23, which is the client station we are testing on, same
>>     results. Forward loop detected
>>
>>     Thanks
>>
>>     On Fri, Mar 6, 2015 at 8:14 AM, Antony Stone
>>     <Antony.Stone at squid.open.source.it
>>     <mailto:Antony.Stone at squid.open.source.it>> wrote:
>>
>>         On Friday 06 March 2015 at 14:03:28 (EU time), Monah Baki wrote:
>>
>>         > Hi All,
>>         >
>>         > As an addition to my yesterday's issue,
>>         >
>>         > Tail -f cache.log, I am getting the following:
>>         >
>>         > 015/03/06 13:54:02| WARNING: Forwarding loop detected for:
>>
>>         > Any ideas?
>>
>>         Is your NAT rule catching the HTTP requests from the proxy
>>         itself (as well as
>>         the requests from the clients) and sending *everything* to
>>         the proxy
>>         (including the requests the proxy is trying to make out to
>>         the Internet)?
>>
>>         I'm not an expert on Cisco or BSD, but it does strike me that
>>         your rule:
>>
>>         rdr pass inet proto tcp from 10.0.0.0/8 <http://10.0.0.0/8>
>>         to any port 80 -> 10.0.0.24 port 3129
>>
>>         looks like it will match requests from the proxy's address
>>         10.0.0.24 as well
>>         as all the clients...
>>
>>         Try adding an exception in before the NAT rule, saying
>>         "traffic from 10.0.0.24
>>         should not be NATted".
>>
>>
>>         Regards,
>>
>>
>>         Antony.
>>
>>         --
>>         "Once you have a panic, things tend to become rather undefined."
>>
>>          - murble
>>
>>                  Please reply to the list;
>>                        please *don't* CC me.
>>         _______________________________________________
>>         squid-users mailing list
>>         squid-users at lists.squid-cache.org
>>         <mailto:squid-users at lists.squid-cache.org>
>>         http://lists.squid-cache.org/listinfo/squid-users
>>
>>
>>
>>
>>     _______________________________________________
>>     squid-users mailing list
>>     squid-users at lists.squid-cache.org  <mailto:squid-users at lists.squid-cache.org>
>>     http://lists.squid-cache.org/listinfo/squid-users
>
>
>     _______________________________________________
>     squid-users mailing list
>     squid-users at lists.squid-cache.org
>     <mailto:squid-users at lists.squid-cache.org>
>     http://lists.squid-cache.org/listinfo/squid-users
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150306/4dfd96b4/attachment.html>

More information about the squid-users mailing list