[squid-users] intercept mode gives access denied

Amos Jeffries squid3 at treenet.co.nz
Thu Jan 14 13:34:40 UTC 2016


On 15/01/2016 1:27 a.m., Antony Stone wrote:
> On Thursday 14 January 2016 at 13:21:57, jean-yves boisiaud wrote:
> 
>> My squid box is not on a firewall, but on a dedicated server in the DMZ,
>> between the internal and the external firewall.
> 
>> On the internal firewall, port 80 is redirected to the squid box port 3128,
>> for transparent proxying.
> 
> Won't work.
> 
>> When I use a navigator with the proxy set to the squid box and port 8080,
>> everything is working fine.
>>
>> But when I use the same navigator with direct internet connection (no
>> proxy), squid returns me a HTML page with an access denied error message.
>>
>> What do I miss in my configuration ?
> 
> You *must* perform the NAT on the machine Squid is running on for intercept 
> mode to work.
> 
> Doing it on any other router along the way will not work.
> 

For reference,
<http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute>
is the config needed on the internal firewall to pass traffic to Squid.
And <http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat> for
the Squid machine itself.

Amos
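
A check for the condition discussed in this thread, added as an example that is not part of the original messages: given `squid.conf` text and `iptables-save` output taken from the Squid machine, it reports whether port 80 is NATed on that host to an `intercept` port. The function names and sample inputs are constructed for illustration; ports 80, 3128 and 8080 are the ones mentioned in the thread.

```shell
# Added example. Inputs are text captured on the Squid host: squid.conf and `iptables-save` output.

# Print the port of every http_port line flagged "intercept" (squid.conf on stdin).
intercept_ports() {
    awk '$1 == "http_port" {
        for (i = 3; i <= NF; i++)
            if ($i == "intercept") { n = split($2, a, ":"); print a[n] }
    }'
}

# Exit 0 if the iptables-save text on stdin has a nat PREROUTING rule that
# sends TCP destination port $1 to local port $2 (REDIRECT or DNAT).
has_local_nat() {
    awk -v dport="$1" -v lport="$2" '
        /^\*/ { table = $1 }
        table == "*nat" && $1 == "-A" && $2 == "PREROUTING" {
            d = 0; t = 0
            for (i = 3; i < NF; i++) {
                if ($i == "--dport" && $(i+1) == dport) d = 1
                if ($i == "--to-ports" && $(i+1) == lport) t = 1
                if ($i == "--to-destination" && $(i+1) ~ (":" lport "$")) t = 1
            }
            if (d && t) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# $1 = squid.conf text, $2 = iptables-save text. Returns 0 ok, 1 no rule, 2 no intercept port.
check_intercept() {
    ports=$(printf '%s\n' "$1" | intercept_ports)
    [ -n "$ports" ] || { echo "no http_port ... intercept line"; return 2; }
    for p in $ports; do
        if printf '%s\n' "$2" | has_local_nat 80 "$p"; then
            echo "ok: port 80 is NATed on this host to $p"; return 0
        fi
    done
    echo "missing: no local nat PREROUTING rule for port 80"; return 1
}

# Constructed sample inputs, using the ports mentioned in the thread.
SQUID_CONF='http_port 8080
http_port 3128 intercept'
RULES_EMPTY='*nat
COMMIT'
RULES_LOCAL='*nat
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT'

check_intercept "$SQUID_CONF" "$RULES_EMPTY" || true
check_intercept "$SQUID_CONF" "$RULES_LOCAL"
```

On a live host the two inputs would come from `cat /etc/squid/squid.conf` (path is an assumption) and `iptables-save` run as root.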

