Quantcast

Re: squid-users Digest, Vol 31, Issue 61

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: squid-users Digest, Vol 31, Issue 61

christian brendan
Thanks a lot for the information.
I will try this and give feedback.
Best Regards

On Tue, Mar 21, 2017 at 1:00 PM, <[hidden email]> wrote:
Send squid-users mailing list submissions to
        [hidden email]

To subscribe or unsubscribe via the World Wide Web, visit
        http://lists.squid-cache.org/listinfo/squid-users
or, via email, send a message with subject or body 'help' to
        [hidden email]

You can reach the person managing the list at
        [hidden email]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of squid-users digest..."


Today's Topics:

   1. Re: Squid Transparent/intercept Issues (Antony Stone)


----------------------------------------------------------------------

Message: 1
Date: Tue, 21 Mar 2017 12:12:01 +0100
From: Antony Stone <[hidden email]>
To: [hidden email]
Subject: Re: [squid-users] Squid Transparent/intercept Issues
Message-ID: <[hidden email]>
Content-Type: Text/Plain;  charset="utf-8"

On Tuesday 21 March 2017 at 12:00:05, christian brendan wrote:

> > Today's Topics:
> >    1. Re: Squid Transparent/intercept Issues (Antony Stone)
> >    2. Re: SMP and AUFS (Matus UHLAR - fantomas)
> >    3. Re: SMP and AUFS (Alex Rousskov)
> >    4. Re: squid workers question (Alex Rousskov)
> >    5. Re: squid workers question (Matus UHLAR - fantomas)
> >    6. Re: SSL Bump issues (Alex Rousskov)
> >    7. blocking or allowing specific youtube videos (Sohan Wijetunga)

Please edit your reply when responding to a digest email, deleting everything
not specific to your question.

> > Date: Mon, 20 Mar 2017 16:56:17 +0100
> > From: Antony Stone
> > To: [hidden email]
> > Subject: Re: [squid-users] Squid Transparent/intercept Issues
> >
> > On Monday 20 March 2017 at 16:26:40, christian brendan wrote:
> > > Hello Everyone,
> > >
> > > Squid Cache: Version 3.5.20
> > > OS: CentOS 7
> > >
> > > I have used squid for quite some times non transparently and it works,
> > > problem kicks in when: http_port 3128 transparent is enabled.
> > > Access denied error page shows up when transparent is enabled
> > > ERRORThe requested URL could not be retrieved
> >
> > How are you getting the packets to the Squid server for interception?
> >
> > Is the Squid server in the default route between your clients and the
> > Internet, or are you redirecting the packets to the Squid server somehow?
> >
> > Please give *details* of how you are intercepting and sending the packets
> > to Squid (eg: iptables rules, and which machine/s the rules are running
> > on).
> >
> >
> > Antony.

> ​@Antony.Stone
> 1. ​I am using mikrotik routerboard to redirect traffic, with this rule:
> dd action=dst-nat chain=dstnat comment="Redirect port 80 to SquidProxy"
> dst-port=80 protocol=tcp \ src-address=10.24.7.100 to-addresses=10.24.7.101
> to-ports=3128

Okay, so there's your problem, then.

You must not use DSTNAT on a separate router to send packets to Squid for
intercept.

(This used to work in older versions of Squid, but does not work any more and
is documented on the wiki, for example at
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat )

Note the wording: "NOTE: This configuration is given for use on the squid box."
That means the NAT rules *must* be running on the Squid box itself and not (in
your case) on the Mikrotik router.

> 3.​ It is not in default route, packets is been redirected.

In that case you need to use policy routing to get the packets *unchanged* to
the Squid box - see the above link, and also
http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute

> ​4. There is no iptable rules, firewall is disabled for this test.

You have to have a REDIRECT rule on the machine running Squid to get it to see
the packets (once they are no longer being DNATted).

Please try to follow the guidelines at
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat and
http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute and
then come back to us with details of what you've tried, if there are still
problems.


Regards,


Antony.

--
A user interface is like a joke.
If you have to explain it, it didn't work.

                                                   Please reply to the list;
                                                         please *don't* CC me.


------------------------------

Subject: Digest Footer

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users


------------------------------

End of squid-users Digest, Vol 31, Issue 61
*******************************************


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: squid-users Digest, Vol 31, Issue 61

Antony Stone
On Tuesday 21 March 2017 at 17:29:36, christian brendan wrote:

> Thanks a lot for the information.
> I will try this and give feedback.
> Best Regards

Please note both of the following for when you post your feedback:

1. The request inserted into the email you replied to by the mailing list
system:

        When replying, please edit your Subject line so it is more specific than
        "Re: Contents of squid-users digest..."

2. The request I made in my reply to you:


        Please edit your reply when responding to a digest email, deleting
        everything not specific to your question.


Thanks,


Antony.

--
"Measuring average network latency is about as useful as measuring the mean
temperature of patients in a hospital."

 - Stéphane Bortzmeyer

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Loading...