Re: [squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https)

2018-02-22 Thread Eliezer Croitoru
mailto:set...@gmail.com] Sent: Thursday, February 22, 2018 19:58 To: Eliezer Croitoru <elie...@ngtech.co.il>; 'Amos Jeffries' <squ...@treenet.co.nz> Cc: 'setuid' <set...@gmail.com>; squid-users@lists.squid-cache.org Subject: Re: [squid-users] Squid 3.x or 4.x acting as a transp

Re: [squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https)

2018-02-22 Thread Eliezer Croitoru
f Of Amos Jeffries Sent: Thursday, February 8, 2018 10:13 To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https) On 08/02/18 10:11, setuid wrote: > I'll start with the pointedly easy stuff: Squid > 2.6 (tested 3.4, 3.5,

Re: [squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https)

2018-02-08 Thread Amos Jeffries
On 08/02/18 10:11, setuid wrote: > I'll start with the pointedly easy stuff: Squid > 2.6 (tested 3.4, 3.5, > 4.0 on Ubuntu Xenial, Debian Jessie, FreeSBD 11.1 using iptables, pf, > ipf, ipfilter) does not work at all, when configured as a transparent > proxy. Full stop. > > I went through

Re: [squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https)

2018-02-07 Thread Amos Jeffries
On 08/02/18 12:44, setuid wrote: > On 2/7/18 6:36 PM, Yuri wrote: >> Did you used ipfw NAT configuration on same box with squid? > > Yes, my ipfw configuration is: > > $cmd 00700 deny ip from any to any dst-port 3128 via em0 > $cmd 00800 fwd 3128 tcp from 192.168.1.25 to any dst-port 80 via em0

Re: [squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https)

2018-02-07 Thread Yuri
Where ipfw runs? In virtual machine, or on hypervisor? 08.02.2018 05:44, setuid пишет: > On 2/7/18 6:36 PM, Yuri wrote: >> Did you used ipfw NAT configuration on same box with squid? > Yes, my ipfw configuration is: > > $cmd 00700 deny ip from any to any dst-port 3128 via em0 > $cmd 00800 fwd

Re: [squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https)

2018-02-07 Thread setuid
On 2/7/18 6:36 PM, Yuri wrote: > Did you used ipfw NAT configuration on same box with squid? Yes, my ipfw configuration is: $cmd 00700 deny ip from any to any dst-port 3128 via em0 $cmd 00800 fwd 3128 tcp from 192.168.1.25 to any dst-port 80 via em0 $cmd 00820 allow ip from any to any dst-port

Re: [squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https)

2018-02-07 Thread Yuri
Squid is relatively difficult to run with transparent mode on virtual platforms due to NAT limitations on virtual platforms (this is not squid's issue, this is issue if virtual platforms). I'm using squid only in transparent mode (only in transparent mode) several years on Solaris (bare metal)

Re: [squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https)

2018-02-07 Thread Yuri
If you configured squid with '--enable-ipfw-transparent' you should use manual for ipfw configuration. Did you used ipfw NAT configuration on same box with squid? 08.02.2018 05:14, setuid пишет: > On 2/7/18 4:31 PM, Yuri wrote: >> I'm not seen your configuration options for squid. Not

Re: [squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https)

2018-02-07 Thread setuid
On 2/7/18 5:37 PM, Rafael Akchurin wrote: > How is your network configured? Your rules indicate you have 2 nics but you > later say you have one.. Originally, I started with 1 NIC (it's a VM), and added 2 more, because I read that pf/ipfw can't rewrite ingress packets on the same interface it

Re: [squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https)

2018-02-07 Thread setuid
On 2/7/18 4:31 PM, Yuri wrote: > I'm not seen your configuration options for squid. Not squid.conf. Just > ./configure options. Here's what I'm building with (from 'make config' in ports tree) '--bindir=/usr/local/sbin' '--build=amd64-portbld-freebsd11.1' '--datadir=/usr/local/etc/squid'

Re: [squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https)

2018-02-07 Thread Rafael Akchurin
Thats strange. How is your network configured? Your rules indicate you have 2 nics but you later say you have one.. Best regards, Rafael Akchurin > Op 7 feb. 2018 om 23:31 heeft setuid het volgende > geschreven: > >> On 02/07/2018 04:38 PM, Rafael Akchurin wrote: >> If you

Re: [squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https)

2018-02-07 Thread setuid
On 02/07/2018 04:38 PM, Rafael Akchurin wrote: > If you do not mind looking at other tutorials - these are what we have in the > test lab. > https://docs.diladele.com/tutorials/transparent_proxy_ubuntu/index.html I can confirm that the instructions in this tutorial results in the same exact

Re: [squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https)

2018-02-07 Thread Rafael Akchurin
] Sent: Wednesday, February 7, 2018 10:45 PM To: Rafael Akchurin <rafael.akchu...@diladele.com>; squid-users@lists.squid-cache.org Subject: Re: [squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https) On 02/07/2018 04:38 PM, Rafael Akchurin wrote: > If you do not min

Re: [squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https)

2018-02-07 Thread setuid
On 02/07/2018 04:38 PM, Rafael Akchurin wrote: > If you do not mind looking at other tutorials - these are what we have in the test lab. > https://docs.diladele.com/tutorials/transparent_proxy_ubuntu/index.html > https://docs.diladele.com/tutorials/policy_based_routing_squid/index.html Thanks

Re: [squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https)

2018-02-07 Thread Rafael Akchurin
[mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of setuid Sent: Wednesday, February 7, 2018 10:11 PM To: squid-users@lists.squid-cache.org Subject: [squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https) I'll start with the pointedly easy stuff: Squid > 2.6 (tested

Re: [squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https)

2018-02-07 Thread Yuri
One stupid idiotic question. Did you build your squid with transparent NAT support? This is mandatory prerequisite for transparent squid. I'm not seen your configuration options for squid. Not squid.conf. Just ./configure options. 08.02.2018 03:11, setuid пишет: > I'll start with the

Re: [squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https)

2018-02-07 Thread setuid
On 02/07/2018 04:11 PM, setuid wrote: > That router has a firewall script on it that says: > == > #!/bin/sh > PROXY_IP=192.168.2.25 Yes, this is a typo here in email but is correct in the router's firewall script. This should be either 192.168.2.20 or 192.168.1.25; both are

[squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT https)

2018-02-07 Thread setuid
I'll start with the pointedly easy stuff: Squid > 2.6 (tested 3.4, 3.5, 4.0 on Ubuntu Xenial, Debian Jessie, FreeSBD 11.1 using iptables, pf, ipf, ipfilter) does not work at all, when configured as a transparent proxy. Full stop. I went through hundreds of posts on dozens of forums, blogs and