[squid-users] Sos transparent proxy problem
Dear all I am in a panic situation. I have configured squid with Diskd to use as a transparent proxy following are the lines I used to support it for transparent proxy. Httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on the squid is running on port 3128, and my machine has two network cards. eth0 has the ip 192.168.0.29 and the eth1 has the live ip. I have made some of the rules in /etc/rc.local to forward the request to port 80. This is my rc.local touch /var/lock/subsys/local ulimit -n 8192 echo 1 /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -p tcp -j MASQUERADE iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to 192.168.0.29:3128 iptables -t nat -A POSTROUTING -p udp -j MASQUERADE the dns is also running on the same machine. On the client end I have giving 192.168.0.29 as gateway and 192.168.0.29 as dns. I am surprised but my browser takes a lot of time around 4 to 5 minutes; l use IE if I try to open www.hotmail.com it displayes opening page http://WWW.www.hotmail.com.net; then it redirects to auto search. And then says internet explorer cannot display the search page. If I turn on the iptables with the above rules. My browser connects if I give it the proxy server as 192.168.0.29 with port 80. I have tried to reconsider every thing which I can. Urgent help is needed. Thanx a million in advance Kind Regards M Bilal Ahmad Astt manager Communications Naveena Group I am using fedora cora2
Re: [squid-users] Sos transparent proxy problem
On Wed, 2006-02-22 at 15:30 +0500, Muhammad Bilal Ahmad wrote: Dear all [...] touch /var/lock/subsys/local ulimit -n 8192 echo 1 /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -p tcp -j MASQUERADE iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to 192.168.0.29:3128 iptables -t nat -A POSTROUTING -p udp -j MASQUERADE [...] Your iptables rules are wrong, especially the DNAT one. Please check the FAQ at http://squidwiki.kinkie.it/SquidFaq/InterceptionProxy#head-e59e8be8079565bbfac3f978111ea65b48840ef9 Kinkie
RE: [squid-users] Sos transparent proxy problem
Thanx for your reply I have tried all of the instructions listed in the given site but they wont work. I think problem is out of the iptables. Waiting for reply M Bilal Ahmad -Original Message- From: Kinkie [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 22, 2006 4:23 PM To: Muhammad Bilal Ahmad Cc: 'Steve Brown'; squid-users@squid-cache.org Subject: Re: [squid-users] Sos transparent proxy problem On Wed, 2006-02-22 at 15:30 +0500, Muhammad Bilal Ahmad wrote: Dear all [...] touch /var/lock/subsys/local ulimit -n 8192 echo 1 /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -p tcp -j MASQUERADE iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to 192.168.0.29:3128 iptables -t nat -A POSTROUTING -p udp -j MASQUERADE [...] Your iptables rules are wrong, especially the DNAT one. Please check the FAQ at http://squidwiki.kinkie.it/SquidFaq/InterceptionProxy#head-e59e8be8079565bbf ac3f978111ea65b48840ef9 Kinkie
Re: [squid-users] Sos transparent proxy problem
Thanx for your reply I have tried all of the instructions listed in the given site but they wont work. I think problem is out of the iptables. - For your hotmail issue , please try (in squid.conf) : acl hotmail_domains dstdomain.hotmail.msn.com header_access Accept-Encodingdenyhotmail_domains (followed by : squid -k reconfigure) Afterwards , check cache.log; to make sure that no unwanted errors appear; Then check the hotmail access, through transparant proxying, again. M.