mailto:set...@gmail.com]
Sent: Thursday, February 22, 2018 19:58
To: Eliezer Croitoru <elie...@ngtech.co.il>; 'Amos Jeffries'
<squ...@treenet.co.nz>
Cc: 'setuid' <set...@gmail.com>; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid 3.x or 4.x acting as a transp
f
Of Amos Jeffries
Sent: Thursday, February 8, 2018 10:13
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid 3.x or 4.x acting as a transparent http proxy
(NOT https)
On 08/02/18 10:11, setuid wrote:
> I'll start with the pointedly easy stuff: Squid > 2.6 (tested 3.4, 3.5,
On 08/02/18 10:11, setuid wrote:
> I'll start with the pointedly easy stuff: Squid > 2.6 (tested 3.4, 3.5,
> 4.0 on Ubuntu Xenial, Debian Jessie, FreeSBD 11.1 using iptables, pf,
> ipf, ipfilter) does not work at all, when configured as a transparent
> proxy. Full stop.
>
> I went through
On 08/02/18 12:44, setuid wrote:
> On 2/7/18 6:36 PM, Yuri wrote:
>> Did you used ipfw NAT configuration on same box with squid?
>
> Yes, my ipfw configuration is:
>
> $cmd 00700 deny ip from any to any dst-port 3128 via em0
> $cmd 00800 fwd 3128 tcp from 192.168.1.25 to any dst-port 80 via em0
Where ipfw runs? In virtual machine, or on hypervisor?
08.02.2018 05:44, setuid пишет:
> On 2/7/18 6:36 PM, Yuri wrote:
>> Did you used ipfw NAT configuration on same box with squid?
> Yes, my ipfw configuration is:
>
> $cmd 00700 deny ip from any to any dst-port 3128 via em0
> $cmd 00800 fwd
On 2/7/18 6:36 PM, Yuri wrote:
> Did you used ipfw NAT configuration on same box with squid?
Yes, my ipfw configuration is:
$cmd 00700 deny ip from any to any dst-port 3128 via em0
$cmd 00800 fwd 3128 tcp from 192.168.1.25 to any dst-port 80 via em0
$cmd 00820 allow ip from any to any dst-port
Squid is relatively difficult to run with transparent mode on virtual
platforms due to NAT limitations on virtual platforms (this is not
squid's issue, this is issue if virtual platforms).
I'm using squid only in transparent mode (only in transparent mode)
several years on Solaris (bare metal)
If you configured squid with
'--enable-ipfw-transparent'
you should use manual for ipfw configuration.
Did you used ipfw NAT configuration on same box with squid?
08.02.2018 05:14, setuid пишет:
> On 2/7/18 4:31 PM, Yuri wrote:
>> I'm not seen your configuration options for squid. Not
On 2/7/18 5:37 PM, Rafael Akchurin wrote:
> How is your network configured? Your rules indicate you have 2 nics but you
> later say you have one..
Originally, I started with 1 NIC (it's a VM), and added 2 more, because
I read that pf/ipfw can't rewrite ingress packets on the same interface
it
On 2/7/18 4:31 PM, Yuri wrote:
> I'm not seen your configuration options for squid. Not squid.conf. Just
> ./configure options.
Here's what I'm building with (from 'make config' in ports tree)
'--bindir=/usr/local/sbin'
'--build=amd64-portbld-freebsd11.1'
'--datadir=/usr/local/etc/squid'
Thats strange.
How is your network configured? Your rules indicate you have 2 nics but you
later say you have one..
Best regards,
Rafael Akchurin
> Op 7 feb. 2018 om 23:31 heeft setuid het volgende
> geschreven:
>
>> On 02/07/2018 04:38 PM, Rafael Akchurin wrote:
>> If you
On 02/07/2018 04:38 PM, Rafael Akchurin wrote:
> If you do not mind looking at other tutorials - these are what we have in the
> test lab.
> https://docs.diladele.com/tutorials/transparent_proxy_ubuntu/index.html
I can confirm that the instructions in this tutorial results in the same
exact
]
Sent: Wednesday, February 7, 2018 10:45 PM
To: Rafael Akchurin <rafael.akchu...@diladele.com>;
squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid 3.x or 4.x acting as a transparent http proxy
(NOT https)
On 02/07/2018 04:38 PM, Rafael Akchurin wrote:
> If you do not min
On 02/07/2018 04:38 PM, Rafael Akchurin wrote:
> If you do not mind looking at other tutorials - these are what we have
in the test lab.
> https://docs.diladele.com/tutorials/transparent_proxy_ubuntu/index.html
> https://docs.diladele.com/tutorials/policy_based_routing_squid/index.html
Thanks
[mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of setuid
Sent: Wednesday, February 7, 2018 10:11 PM
To: squid-users@lists.squid-cache.org
Subject: [squid-users] Squid 3.x or 4.x acting as a transparent http proxy (NOT
https)
I'll start with the pointedly easy stuff: Squid > 2.6 (tested
One stupid idiotic question.
Did you build your squid with transparent NAT support?
This is mandatory prerequisite for transparent squid.
I'm not seen your configuration options for squid. Not squid.conf. Just
./configure options.
08.02.2018 03:11, setuid пишет:
> I'll start with the
On 02/07/2018 04:11 PM, setuid wrote:
> That router has a firewall script on it that says:
> ==
> #!/bin/sh
> PROXY_IP=192.168.2.25
Yes, this is a typo here in email but is correct in the router's
firewall script.
This should be either 192.168.2.20 or 192.168.1.25; both are
I'll start with the pointedly easy stuff: Squid > 2.6 (tested 3.4, 3.5,
4.0 on Ubuntu Xenial, Debian Jessie, FreeSBD 11.1 using iptables, pf,
ipf, ipfilter) does not work at all, when configured as a transparent
proxy. Full stop.
I went through hundreds of posts on dozens of forums, blogs and
18 matches
Mail list logo