Re: [squid-users] Problem with squid 2.6 on a single computer as a transparent proxy

From: hk- <h.kongsgaard@dont-contact.us>
Date: Fri, 21 Sep 2007 06:01:38 -0700 (PDT)

I fixed the problem by running squid from none root user. :)

hk- wrote:
>
> I have configured squid to run on a single computer like a transparent
> proxy.
> I used this mail from the archive as a install guide.
> http://www.mail-archive.com/squid-users@squid-cache.org/msg48149.html
>
> Adding this as a iptables rule
> iptables -t nat -A OUTPUT -o eth0 -p tcp --dport 80 -m owner --uid-owner
> root -j ACCEPT
> iptables -t nat -A OUTPUT -o eth0 -p tcp --dport 80 -j REDIRECT --to-port
> 3128
>
> And using this as my config
> http_port 3128 transparent
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> access_log /usr/local/squid/var/logs/access.log squid
> hosts_file /etc/hosts
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 # https
> acl SSL_ports port 563 # snews
> acl SSL_ports port 873 # rsync
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl Safe_ports port 631 # cups
> acl Safe_ports port 873 # rsync
> acl Safe_ports port 901 # SWAT
> acl purge method PURGE
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> acl ME src 10.0.0.5
> http_access allow ME
> http_access deny all
> http_reply_access allow all
> icp_access allow all
> coredump_dir /usr/local/squid/var/cache
>
> Squid Cache: Version 2.6.STABLE14
> configure options: '--prefix=/usr/local/squid' '--enable-linux-netfilter'
>
>
> But when i use lynx I get this output in the browser
>
> This request could not be forwarded to the origin server or to any
> parent caches. The most likely cause for this error is that:
> * The cache administrator does not allow this cache to make direct
> connections to origin servers, and
> * All configured parent caches are currently unreachable.
>
> and this in my cache.log
>
>
> 2007/09/21 14:00:24| WARNING: Forwarding loop detected for:
> Client: 10.0.0.5 http_port: 127.0.0.1:3128
> GET http://www.nytimes.com/ HTTP/1.0
> Host: www.nytimes.com
> Accept: text/html, text/plain, text/css, text/sgml, */*;q=0.01
> Accept-Encoding: gzip, bzip2
> Accept-Language: en
> User-Agent: Lynx/2.8.6rel.4 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.8d
> Via: 1.0 linux.niap.no:3128 (squid/2.6.STABLE14), 1.0 linux.niap.no:3128
> (squid/2.6.STABLE14)
> X-Forwarded-For: 10.0.0.5, 10.0.0.5
> Cache-Control: max-age=259200
> Connection: keep-alive
>
>

-- 
View this message in context: http://www.nabble.com/Problem-with-squid-2.6-on-a-single-computer-as-a-transparent-proxy-tf4495099.html#a12819841
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Fri Sep 21 2007 - 07:01:40 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Oct 01 2007 - 12:00:02 MDT