[squid-users] problem with squid 3.3.1 in transparent mode

From: Дмитрий Шиленко <d.shylenko_at_global-it.com.ua>
Date: Thu, 12 Jun 2014 15:59:24 +0300

My network is 192.168.0.0/24.
Requests are getting transparently sent to the proxy via a rule in "ipnat" -> rdr
bge0 0.0.0.0/0 port 80 -> 127.0.0.1 port 3129
To switch to transparent mode I add the "http_port 127.0.0.1:3129" string in
squid.conf

Antony Stone wrote on 12.06.2014 15:52:
> On Thursday 12 June 2014 at 14:43:33, Дмитрий Шиленко wrote:
>
>> When I switch squid to transparent proxy mode, it blocks access to all sites:
>>
>> "When you receive a URL http://putty.org/ following error occurred
>> Access denied.
>> Access control system does not allow to fulfill your request now. Contact
>> your administrator.
>> Your cache administrator: webmaster. "
>>
>> switch to normal mode - everything works fine.
>
> What's your networking setup? How are the requests getting transparently
> sent to the proxy?
>
> What are you doing to switch between normal and transparent mode:
> - on the proxy server
> - on any firewall / router
> - on the client/s
> - anywhere else
>
>> SQUID 3,3,11
>> config here:
>> acl localnet src 192.168.0.0/24 # RFC1918 possible internal network
>> #
>> acl SSL_ports port 443
>> acl Safe_ports port 80 # http
>> acl Safe_ports port 21 # ftp
>> acl Safe_ports port 443 # https
>> acl Safe_ports port 70 # gopher
>> acl Safe_ports port 210 # wais
>> acl Safe_ports port 1025-65535 # unregistered ports
>> acl Safe_ports port 280 # http-mgmt
>> acl Safe_ports port 488 # gss-http
>> acl Safe_ports port 591 # filemaker
>> acl Safe_ports port 777 # multiling http
>> acl CONNECT method CONNECT
>>
>> acl AdminsIP src "/usr/local/etc/squid/AccessLists/AdminsIP.txt"
>> acl RestrictedDomains dstdomain "/usr/local/etc/squid/AccessLists/RestrictedDomains.txt"
>> acl ad_group_rassh urlpath_regex -i "/usr/local/etc/squid/AccessLists/rasshirenie.txt"
>>
>> http_access allow localhost
>> http_access deny !Safe_ports
>> # Deny CONNECT to other than SSL ports
>> http_access deny CONNECT !SSL_ports
>>
>> http_access allow localhost
>> http_access allow AdminsIP
>> http_access deny RestrictedDomains
>> http_access deny ad_group_rassh
>> http_access allow localnet
>> http_access deny all
>> icp_access allow localnet
>> icp_access deny all
>> htcp_access allow localnet
>> htcp_access deny all
>>
>> http_port 192.168.0.97:3128
>> http_port 127.0.0.1:3129 intercept
>> cache deny all
>> access_log /var/log/squid/access.log squid
>>
>> In access.log I found "TCP_MISS"
>
> Regards,
>
>
> Antony.

-- 
  Best regards, Шиленко Дмитрий
  Systems engineer
  global-it.com.ua
  mobile (063)142-32-59
  office 221-55-72
Received on Thu Jun 12 2014 - 12:59:33 MDT
