On 25-4-2015 9:51, Stuart Henderson wrote: > On 2015-04-24, Ton Muller <spatie...@online.nl> wrote: >> my litle box works now as it should be. >> got my DNS isue solved, got my smb working, FTP is happy. >> so time for squid. >> >> installing went well, tweaking conf was ok. >> tweaking pf.conf was harder. >> becouse i wanted a transperant proxy ,so nu changing all browsers and >> machines. >> >> testing with squid -d 1 -N to check if all works, opening a nc -l 3129 >> to see if trafic goes true (to lazy to check the logs, that works to) >> nothing.... > > Did you follow the pkg-readme? uhm....no comment.. > >> google was helpfull >> >> # squid -v >> Squid Cache: Version 3.4.6 >> configure options: '--disable-strict-error-checking' >> '--disable-arch-native' '--enable-shared' >> '--datadir=/usr/local/share/squid' >> '--libexecdir=/usr/local/libexec/squid' '--disable-loadable-modules' >> '--enable-arp-acl' '--enable-auth' '--enable-delay-pools' >> '--enable-follow-x-forwarded-for' '--enable-forw-via-db' >> '--enable-http-violations' '--enable-icap-client' '--enable-ipv6' >> '--enable-referer-log' '--enable-removal-policies=lru heap' >> '--enable-ssl' '--with-openssl' '--enable-storeio=aufs ufs diskd' >> '--with-default-user=_squid' '--with-filedescriptors=8192' >> '--with-krb5-config=no' '--with-pidfile=/var/run/squid.pid' >> '--with-pthreads' '--with-swapdir=/var/squid/cache' >> '--disable-pf-transparent' '--enable-ipfw-transparent' >> '--enable-external-acl-helpers=LDAP_group SQL_session file_userip >> time_quota session unix_group wbinfo_group LDAP_group >> eDirectory_userip' '--prefix=/usr/local' '--sysconfdir=/etc/squid' >> '--mandir=/usr/local/man' '--infodir=/usr/local/info' >> '--localstatedir=/var/squid' '--disable-silent-rules' 'CC=cc' >> 'CFLAGS=-O2 -pipe' 'LDFLAGS=-L/usr/local/lib' >> 'CPPFLAGS=-I/usr/local/include' 'CXX=c++' 'CXXFLAGS=-O2 -pipe' >> >> >> and there is was. >> --disable-pf-transparent. >> to get squid working in transparent mode, it has to be enabled. > > That's for an old-style setup where you give squid access to /dev/pf > and it does a separate lookup from the state table. The other method just > gets the address from the packet itself, it's easier/more reliable/faster. > > well, port 80 goes perfect. but it browser now get stuck if i add https in the pf rule. i would have to get port 80 and 443 to, think thats a squid conf isue.
i tried so many examples i found, i didnt know there was a pkg-readme ,auch. Tony.
