Re: [squid-users] squid 2.6 + transparent + ipfw

From: Edinilson J. Santos <edinilson@dont-contact.us>
Date: Wed, 5 Jul 2006 15:04:09 -0300

Here I'm having the same problem with Linux.

When I try to do a transparent proxy with:
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128

I can see in cache.log hundreds of messages like:
2006/07/04 18:39:20| Failed to select source for 'http://www.britos.com.br/imgs/menu/logistica_down.gif'
2006/07/04 18:39:20| always_direct = -1
2006/07/04 18:39:20| never_direct = 0
2006/07/04 18:39:20| timedout = 0
2006/07/04 18:39:20| Failed to select source for 'http://www.britos.com.br/imgs/menu/logistica_over.gif'
2006/07/04 18:39:20| always_direct = -1
2006/07/04 18:39:20| never_direct = 0
2006/07/04 18:39:20| timedout = 0

Edinilson
---------------------------------------------------------
ATINET-Professional Web Hosting
Tel Voz: (0xx11) 4412-0876
http://www.atinet.com.br

----- Original Message -----
From: "Andrew Pantyukhin" <infofarmer@FreeBSD.org>
To: <squid-users@squid-cache.org>
Sent: Wednesday, July 05, 2006 6:25 AM
Subject: [squid-users] squid 2.6 + transparent + ipfw

I can't figure out how to use transparent squid 2.6 with ipfw.

I don't use --enable-{ipf,pf}-transparent because I only use
ipfw (ipfirewall), not ipf (IP filter) or pf (packet filter). I also
don't use --enable-linux-{netfilter,tproxy}, because I've got
FreeBSD installed, not Linux.

My guess is that for transparent proxying to work, one of these
options has to be enabled. Let's see what happens.

I compiled squid without any of these options. In cache.log
I see:

Accepting transparently proxied HTTP connections at 0.0.0.0, port 3128, FD 12.

Great! But when I actually try to forward any packets there,
I get this in cache.log:

2006/07/05 12:04:31| WARNING: transparent proxying not supported
2006/07/05 12:04:31| Failed to select source for 'http://mail.ru/'
2006/07/05 12:04:31| always_direct = 0
2006/07/05 12:04:31| never_direct = 0
2006/07/05 12:04:31| timedout = 0

this in access.log:

1152086671.736 1 10.17.225.45 TCP_MISS/503 1589 GET http://mail.ru/ - NONE/- text/html

and this in the browser:

<...>
   The following error was encountered:
     * Unable to forward this request at this time.
<...>

With squid 2.5, I didn't have to compile it with any
transparency-related options; it just worked. Squid did not
have a notion of being transparent, so it worked great. Now
I have to wonder how to get it working. Can I use accelerator
options to bring back the old behavior? Can I compile squid
with other options and use it with ipfw?

Any help will be much appreciated, thanks!
Received on Wed Jul 05 2006 - 12:23:11 MDT
