On 2015-04-24, Ton Muller <spatie...@online.nl> wrote:
> my little box works now as it should be.
> got my DNS issue solved, got my smb working, FTP is happy.
> so time for squid.
>
> installing went well, tweaking conf was ok.
> tweaking pf.conf was harder.
> because i wanted a transparent proxy, so no changing all browsers and
> machines.
>
> testing with squid -d 1 -N to check if all works, opening a nc -l 3129
> to see if traffic goes through (too lazy to check the logs, that works too)
> nothing....

Did you follow the pkg-readme?

> google was helpful
>
> # squid -v
> Squid Cache: Version 3.4.6
> configure options: '--disable-strict-error-checking'
> '--disable-arch-native' '--enable-shared'
> '--datadir=/usr/local/share/squid'
> '--libexecdir=/usr/local/libexec/squid' '--disable-loadable-modules'
> '--enable-arp-acl' '--enable-auth' '--enable-delay-pools'
> '--enable-follow-x-forwarded-for' '--enable-forw-via-db'
> '--enable-http-violations' '--enable-icap-client' '--enable-ipv6'
> '--enable-referer-log' '--enable-removal-policies=lru heap'
> '--enable-ssl' '--with-openssl' '--enable-storeio=aufs ufs diskd'
> '--with-default-user=_squid' '--with-filedescriptors=8192'
> '--with-krb5-config=no' '--with-pidfile=/var/run/squid.pid'
> '--with-pthreads' '--with-swapdir=/var/squid/cache'
> '--disable-pf-transparent' '--enable-ipfw-transparent'
> '--enable-external-acl-helpers=LDAP_group SQL_session file_userip
> time_quota session unix_group wbinfo_group LDAP_group
> eDirectory_userip' '--prefix=/usr/local' '--sysconfdir=/etc/squid'
> '--mandir=/usr/local/man' '--infodir=/usr/local/info'
> '--localstatedir=/var/squid' '--disable-silent-rules' 'CC=cc'
> 'CFLAGS=-O2 -pipe' 'LDFLAGS=-L/usr/local/lib'
> 'CPPFLAGS=-I/usr/local/include' 'CXX=c++' 'CXXFLAGS=-O2 -pipe'
>
>
> and there it was.
> --disable-pf-transparent.
> to get squid working in transparent mode, it has to be enabled.

That's for an old-style setup where you give squid access to /dev/pf and it does a separate lookup from the state table. The other method just gets the address from the packet itself, it's easier/more reliable/faster.
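
Added example, not part of the thread and not Squid's code: a sketch of how an intercepting listener can read the original destination from the accepted socket with getsockname(2), with no /dev/pf state-table lookup. It assumes a pf `divert-to` rule, which pf.conf(5) documents as leaving the packet unmodified; the names `original_dst` and `loopback_demo` are hypothetical, and the loopback check is constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Format the local end of an accepted socket as "ip:port" (IPv4 only here).
 * Behind a pf divert-to rule the packet is not rewritten, so this is the
 * destination the client originally asked for. Returns 0, or -1 on error. */
int original_dst(int conn_fd, char *out, size_t outlen)
{
    struct sockaddr_in a;
    socklen_t len = sizeof(a);
    char ip[INET_ADDRSTRLEN];

    if (getsockname(conn_fd, (struct sockaddr *)&a, &len) == -1 ||
        a.sin_family != AF_INET ||
        inet_ntop(AF_INET, &a.sin_addr, ip, sizeof(ip)) == NULL)
        return -1;
    snprintf(out, outlen, "%s:%u", ip, (unsigned)ntohs(a.sin_port));
    return 0;
}

/* Constructed loopback check: listen on 127.0.0.1 (ephemeral port), connect,
 * accept, and report the accepted socket's local address. No diversion is
 * involved here, so it equals the listener address. Returns the port or -1. */
int loopback_demo(char *out, size_t outlen)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    int port = -1, afd = -1;
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    int cfd = socket(AF_INET, SOCK_STREAM, 0);

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (lfd != -1 && cfd != -1 &&
        bind(lfd, (struct sockaddr *)&sa, sizeof(sa)) == 0 && listen(lfd, 1) == 0 &&
        getsockname(lfd, (struct sockaddr *)&sa, &len) == 0 &&
        connect(cfd, (struct sockaddr *)&sa, sizeof(sa)) == 0 &&
        (afd = accept(lfd, NULL, NULL)) != -1 &&
        original_dst(afd, out, outlen) == 0)
        port = ntohs(sa.sin_port);
    if (afd != -1) close(afd);
    if (cfd != -1) close(cfd);
    if (lfd != -1) close(lfd);
    return port;
}
```

On a gateway with a divert-to rule in place, the string from `original_dst` would be the remote server the client was trying to reach rather than the proxy's own listening address.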