I'm serving in Iraq, where bandwidth is low and DNS servers are thousands of miles away. squid is a great solution for my unit.
I set up squid-3.0-STABLE8 behind SNAT to do interception caching with the standard:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
and http_port 3128 transparent
but squid does not intercept the packets. Setting the proxy in the browsers (IE7 and Firefox3) results in squid caching as expected. After many agonizing days of trying to determine why I was not getting hits when leaving the browsers un-configured, I finally had everyone set their proxy settings to the server and port 3128 (dhcpd takes care of pointing them at the right subnet and gateway). The issues I now face are that other apps don't run right, particularly for the Mac guys (can't have separate settings in browser and other network apps). I need to run this transparently if at all possible.
Am I missing something with the newest browsers? tcpdump did report that IE7 was sending packets to port 137. Is Firefox also sending to non-standard ports? I even tried DNAT'ing everything from eth1 to port 3128 as a test, but no hits. Do I have squid listen on all possible tcp ports used by both browsers? Is iptables 1.4.1 buggy (doubtful)? Do I re-route all possible tcp ports to 3128? If so, does anyone know what all of the ports used by these two browsers are? Are the browsers sending out "Don't intercept me" headers when in default setup and "Intercept me" headers when configured for proxy? I'm at a loss.
squid is doing a fantastic job of keeping a lot of traffic local, but I fear I will have to cease using it in order to keep everything else working if I can't solve this. IM and VC apps top the list down here since everyone tries to stay in touch with home, so I have to keep them working.
Thanks so much for any help,
Jason
Received on Thu Sep 04 2008 - 02:42:14 MDT