[squid-users] Fwd: squid intercept config

Yuri Voinov yvoinov at gmail.com
Fri Mar 6 13:47:54 UTC 2015


On proxy box.

06.03.15 19:47, monahbaki at gmail.com пишет:
> From squid or router?
>
> Thanks
>
> Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE 
> network.
> *From: *Yuri Voinov
> *Sent: *Friday, March 6, 2015 8:44 AM
> *To: *Monah Baki
> *Cc: *squid-users at lists.squid-cache.org
> *Subject: *Re: [squid-users] Fwd: squid intercept config
>
>
> Ok.
>
> In this case this is NAT misconfiguration.
>
> You need to check it carefully.
>
> 06.03.15 19:43, Monah Baki пишет:
>> No other process on 80 is on the server. I also confirmed from the 
>> client side if he runs "telnet www.openbsd.org 
>> <http://www.openbsd.org> 80" on his desktop, he gets a response.
>>
>> Thanks
>>
>> On Fri, Mar 6, 2015 at 8:28 AM, Yuri Voinov <yvoinov at gmail.com 
>> <mailto:yvoinov at gmail.com>> wrote:
>>
>>     Did you have another listening process on 80 port on your proxy box?
>>
>>     I.e., web-server?
>>
>>     06.03.15 19:26, Monah Baki пишет:
>>>     I went and changed the 10.0.0.0/8 <http://10.0.0.0/8> to
>>>     10.0.0.23, which is the client station we are testing on, same
>>>     results. Forward loop detected
>>>
>>>     Thanks
>>>
>>>     On Fri, Mar 6, 2015 at 8:14 AM, Antony Stone
>>>     <Antony.Stone at squid.open.source.it
>>>     <mailto:Antony.Stone at squid.open.source.it>> wrote:
>>>
>>>         On Friday 06 March 2015 at 14:03:28 (EU time), Monah Baki wrote:
>>>
>>>         > Hi All,
>>>         >
>>>         > As an addition to my yesterday's issue,
>>>         >
>>>         > Tail -f cache.log, I am getting the following:
>>>         >
>>>         > 015/03/06 13:54:02| WARNING: Forwarding loop detected for:
>>>
>>>         > Any ideas?
>>>
>>>         Is your NAT rule catching the HTTP requests from the proxy
>>>         itself (as well as
>>>         the requests from the clients) and sending *everything* to
>>>         the proxy
>>>         (including the requests the proxy is trying to make out to
>>>         the Internet)?
>>>
>>>         I'm not an expert on Cisco or BSD, but it does strike me
>>>         that your rule:
>>>
>>>         rdr pass inet proto tcp from 10.0.0.0/8 <http://10.0.0.0/8>
>>>         to any port 80 -> 10.0.0.24 port 3129
>>>
>>>         looks like it will match requests from the proxy's address
>>>         10.0.0.24 as well
>>>         as all the clients...
>>>
>>>         Try adding an exception in before the NAT rule, saying
>>>         "traffic from 10.0.0.24
>>>         should not be NATted".
>>>
>>>
>>>         Regards,
>>>
>>>
>>>         Antony.
>>>
>>>         --
>>>         "Once you have a panic, things tend to become rather undefined."
>>>
>>>          - murble
>>>
>>>                      Please reply to the list;
>>>                            please *don't* CC me.
>>>         _______________________________________________
>>>         squid-users mailing list
>>>         squid-users at lists.squid-cache.org
>>>         <mailto:squid-users at lists.squid-cache.org>
>>>         http://lists.squid-cache.org/listinfo/squid-users
>>>
>>>
>>>
>>>
>>>     _______________________________________________
>>>     squid-users mailing list
>>>     squid-users at lists.squid-cache.org  <mailto:squid-users at lists.squid-cache.org>
>>>     http://lists.squid-cache.org/listinfo/squid-users
>>
>>
>>     _______________________________________________
>>     squid-users mailing list
>>     squid-users at lists.squid-cache.org
>>     <mailto:squid-users at lists.squid-cache.org>
>>     http://lists.squid-cache.org/listinfo/squid-users
>>
>>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150306/867da2e4/attachment.html>


More information about the squid-users mailing list