[squid-users] Fwd: squid intercept config
Yuri Voinov
yvoinov at gmail.com
Fri Mar 6 13:47:54 UTC 2015
On proxy box.
06.03.15 19:47, monahbaki at gmail.com пишет:
> From squid or router?
>
> Thanks
>
> Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE
> network.
> *From: *Yuri Voinov
> *Sent: *Friday, March 6, 2015 8:44 AM
> *To: *Monah Baki
> *Cc: *squid-users at lists.squid-cache.org
> *Subject: *Re: [squid-users] Fwd: squid intercept config
>
>
> Ok.
>
> In this case this is NAT misconfiguration.
>
> You need to check it carefully.
>
> 06.03.15 19:43, Monah Baki пишет:
>> No other process on 80 is on the server. I also confirmed from the
>> client side if he runs "telnet www.openbsd.org
>> <http://www.openbsd.org> 80" on his desktop, he gets a response.
>>
>> Thanks
>>
>> On Fri, Mar 6, 2015 at 8:28 AM, Yuri Voinov <yvoinov at gmail.com
>> <mailto:yvoinov at gmail.com>> wrote:
>>
>> Did you have another listening process on 80 port on your proxy box?
>>
>> I.e., web-server?
>>
>> 06.03.15 19:26, Monah Baki пишет:
>>> I went and changed the 10.0.0.0/8 <http://10.0.0.0/8> to
>>> 10.0.0.23, which is the client station we are testing on, same
>>> results. Forward loop detected
>>>
>>> Thanks
>>>
>>> On Fri, Mar 6, 2015 at 8:14 AM, Antony Stone
>>> <Antony.Stone at squid.open.source.it
>>> <mailto:Antony.Stone at squid.open.source.it>> wrote:
>>>
>>> On Friday 06 March 2015 at 14:03:28 (EU time), Monah Baki wrote:
>>>
>>> > Hi All,
>>> >
>>> > As an addition to my yesterday's issue,
>>> >
>>> > Tail -f cache.log, I am getting the following:
>>> >
>>> > 015/03/06 13:54:02| WARNING: Forwarding loop detected for:
>>>
>>> > Any ideas?
>>>
>>> Is your NAT rule catching the HTTP requests from the proxy
>>> itself (as well as
>>> the requests from the clients) and sending *everything* to
>>> the proxy
>>> (including the requests the proxy is trying to make out to
>>> the Internet)?
>>>
>>> I'm not an expert on Cisco or BSD, but it does strike me
>>> that your rule:
>>>
>>> rdr pass inet proto tcp from 10.0.0.0/8 <http://10.0.0.0/8>
>>> to any port 80 -> 10.0.0.24 port 3129
>>>
>>> looks like it will match requests from the proxy's address
>>> 10.0.0.24 as well
>>> as all the clients...
>>>
>>> Try adding an exception in before the NAT rule, saying
>>> "traffic from 10.0.0.24
>>> should not be NATted".
>>>
>>>
>>> Regards,
>>>
>>>
>>> Antony.
>>>
>>> --
>>> "Once you have a panic, things tend to become rather undefined."
>>>
>>> - murble
>>>
>>> Please reply to the list;
>>> please *don't* CC me.
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users at lists.squid-cache.org
>>> <mailto:squid-users at lists.squid-cache.org>
>>> http://lists.squid-cache.org/listinfo/squid-users
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org>
>>> http://lists.squid-cache.org/listinfo/squid-users
>>
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> <mailto:squid-users at lists.squid-cache.org>
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150306/867da2e4/attachment.html>
More information about the squid-users
mailing list