Hi there!
It's been years since I last played around with squid, so I wanted to make a
simple configuration just to see whether I remember the basic things,
and I found two problems:
I'm running:
# squid3 -v
Squid Cache: Version 3.3.8
1) My configuration is the default that the package provides, I just 
added another http_port, so now I got:
      http_port 3128
      http_port 3127 intercept
      Afterwards, I set up a REDIRECT iptables rule to make anything
coming to port 8080 be redirected to one of these 2 ports. If I redirect 
it to port 3128, everything works fine, squid actually behaves as a 
transparent proxy applying the http_access and acl rules correctly. But 
if I redirect it to port 3127, any request results in a 111 Connection 
refused error. This is the only rule in my iptables, so it cannot be
related to some rules misconfiguration.
      iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 312X
      I enabled debugging via the -d flag, and there's absolutely nothing
regarding these requests. The access log shows the request like this:
     1405450438.913      0 origin.ip TCP_MISS/503 3487 GET http://www.devels.es/ - HIER_DIRECT/machine.public.ip text/html
      So at this point, my questions are 2:
      1.1) What could be causing this behavior?
      1.2) If the default redirect port (3128) works as a transparent 
proxy (intercept), then what's the conceptual difference between both
configurations?
2) There are some websites using SSL that I cannot reach using squid, 
resulting in a 110 Connection timed out error. One of them is Facebook:
pi_at_rpi ~ $ telnet machine.public.ip 8080
Trying machine.public.ip...
Connected to machine.public.ip.
Escape character is '^]'.
CONNECT www.facebook.com:443
HTTP/1.1 503 Service Unavailable
Server: squid/3.3.8
Mime-Version: 1.0
Date: Tue, 15 Jul 2014 19:00:23 GMT
Content-Type: text/html
Content-Length: 3085
X-Squid-Error: ERR_CONNECT_FAIL 110
Vary: Accept-Language
Content-Language: en
[...]
<p id="sysmsg">The system returned: <i>(110) Connection timed out</i></p>
<p>The remote host or network may be down. Please try the request again.</p>
[...]
Connection closed by foreign host.
     However, from the server which hosts squid, I can make a wget or 
curl request to facebook. I even installed the same version of squid on
a local virtual machine on my computer just to test, and it works,
replicating exactly both the squid and iptables config. What could
be the cause of this?
Thanks for the help!
Regards,
Nicolás
Received on Tue Jul 15 2014 - 19:09:43 MDT