[squid-users] http_port intercept: squid 3.1.20 VS 3.5.23.
Thomas Martin
tmartincpp at gmail.com
Wed Oct 4 11:30:52 UTC 2017
Hello,
I'm having trouble to make Squid 3.5.23 work like Squid 3.1.20 does.
Here is my setup:
<clients> | <router> |
<squid proxy>
10.0.0.Y/24 | 10.0.0.254/24 <-> 10.100.0.254/24 | 10.100.0.100/24
The goal was to have the <squid proxy> as a transparent HTTP proxy for
all <clients>; it was achieved few years ago using Squid 3.1.20.
- <clients> have one network interface and 10.0.0.254 as default gateway
- <router> is:
-- obviously forwarding packets,
-- owning the ADSL,
-- doing the transparent redirection of <clients> to <squid proxy> using NAT:
-A PREROUTING -s 10.100.0.100 -i dmz -p tcp -m state --state NEW -m
tcp --dport 80 -j ACCEPT
-A PREROUTING -s 10.0.0.Y/32 -p tcp -m state --state NEW -m tcp
--dport 80 -j DNAT --to-destination 10.100.0.100:3128
- <squid proxy> have one network interface and 10.100.0.100 as default gateway.
Squid's configuration is quite simple:
http_access allow all
http_port 0.0.0.0:3128 intercept
cache_mgr ...
cache_mem ...
...
This is working perfectly fine with Squid 3.1.20.
But now that I have upgraded <squid proxy> to 3.5.23 (from Debian
Wheezy to Stretch) this is not working anymore.
The test I'm using is simple: "curl http://www.google.fr -I" from <clients>.
<clients> are getting 403 returned by <squid proxy> 3.5.23.
In Squid's logs I had: "ERROR: No forward-proxy ports configured.".
After reading Squid docs, forums, mailing, list, etc, I tried to add
another http_port:
http_access allow all
http_port 0.0.0.0:3128 intercept
http_port 0.0.0.0:8080
But it does not work either, Squid seems to loop internally with a lot
a log access_log (even for one request only).
I feel like I missed something obvious, I spent quite some time to
understand but had no luck.
Am I missing something ?
When I was reading on the web, some users claimed that I should have
two network interfaces between <router> and <squid proxy> ?
If that true, why is it working perfectly with Squid 3.1.20 ?
Any clue will be appreciated.
Thanks.
More information about the squid-users
mailing list