[squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https)
Rafael Akchurin
rafael.akchurin at diladele.com
Wed Feb 7 22:37:29 UTC 2018
That's strange.
How is your network configured? Your rules indicate you have 2 NICs but you later say you have one.
Best regards,
Rafael Akchurin
> On 7 Feb 2018, at 23:31, setuid <setuid at gmail.com> wrote:
>
>> On 02/07/2018 04:38 PM, Rafael Akchurin wrote:
>> If you do not mind looking at other tutorials - these are what we have in the test lab.
>
>> https://docs.diladele.com/tutorials/transparent_proxy_ubuntu/index.html
>
> I can confirm that the instructions in this tutorial result in the same
> exact failure scenario as all previous attempts and tests (once I
> removed the unnecessary Apache/Web Safety bits).
>
> Firewall rules are:
>
> -A INPUT -i eth0 -p tcp -m tcp --dport 3126 -c 0 0 -j ACCEPT
> -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -c 0 0 -j ACCEPT
> -A FORWARD -i eth1 -o eth0 -c 0 0 -j ACCEPT
>
> Squid config is generic, with the exception of:
>
> http_port 3126 intercept
>
> There is a single interface on the host, which resides on the LAN _and_
> is Internet-facing (eth0).
>
> The result is that I get the same as before:
>
> ==> /var/log/squid3/access.log <==
> 1518042565.613 0 192.168.1.1 TAG_NONE/400 3583 GET / - HIER_NONE/- text/html
>
> If I point the client (curl, browser, perl + LWP) at the proxy directly
> on 3128, it works as expected.
>
> I am firmly convinced that _transparent_ proxying with squid is 100%
> non-functional. The proxy works fine, but transparent proxying is
> demonstrably broken in anything later than 3.x.
>