Hi,
I have trouble setting up the gre tunnel.
Searching on the archived email database, I found following link
describing similiar question:
http://www.squid-cache.org/mail-archive/squid-users/200504/0567.html
I tried as suggested in above link, but failed.
modprobe ip_gre
This command is
On ons, 2007-07-25 at 17:57 +0800, Deephay wrote:
But if I set:
forwarded_for off
it renders ok then, seems that this happens only on some MS IIS based
sites. Could somebody explain me why? rules agains proxy?
Of forwarded_for makes a difference then yes.
Regards
Henrik
Greetings all,
I deployed a transparent proxy for the LAN using squid, everything is
fine, but I found some of the sites will be blank (firefox) if you
visit them through the proxy (HTTP/1.1 302 Object Moved instead of
HTTP/1.1 200).
But if I set:
forwarded_for off
it renders ok then, seems
Hi squid-users,
I'm currently trying to replace an old netapp proxy with a squid+linux box.
I've some users behind a Cisco 7200 running IOS 12.4(12) using the proxy in
transparent mode. The current proxy uses WCCP2+GRE to get the traffic from
the router. The aim is to reproduce this behaviour
Nicolas,
Maybe, the packets are getting dropped when they are trying to get back
into your system on port 3128, try redirecting to the port only using
--to-ports instead of --to-destination. I also use the REDIRECT
function as opposed to DNAT. Here is my rule:
iptables -t nat -A PREROUTING -i
Bryan,
First, thanks a lot for your answer, as it permitted me to solve my problem,
at least partially.
The problem came from the tunnel, which had no ip address.
Putting the primary ip address of the box on it was the solution.
(I also simplified my iptable rule, as both are somehow
--- Henrik Nordstrom [EMAIL PROTECTED]
wrote:
[Firewall]:
iptables -t nat -A PREROUTING -i eth0 -p tcp
--dport
80 -j DNAT --to 192.168.1.2:3128
This only kind of works, but very tricky to get
right.
First problem is that the proxy box MUST be
configured to route return
traffic to
lör 2007-01-06 klockan 04:44 -0800 skrev zulkarnain:
How to configure proxy to route return traffic via
firewall? I try rules iptables -t nat -A PREROUTING
-i eth0 -s ! 192.168.1.2 -p tcp --dport 80 -j DNAT
--to 192.168.1.2:3128 but won't work correctly. any
help would be great. Thanks.
Hi,
I'm having problem running transparent proxy with
squid-2.6S6 where squid is not running in the same box
with router/firewall. Here is my configuration:
[Client]---[Squid]---[Firewall][Web server]
192.168.1.3 192.168.1.2 192.168.1.1 192.168.2.2
On Thu, Dec 28, 2006 at 05:31:21AM -0800, zulkarnain wrote:
Hi,
I'm having problem running transparent proxy with
squid-2.6S6 where squid is not running in the same box
with router/firewall. Here is my configuration:
[Client]---[Squid]---[Firewall][Web server]
192.168.1.3
your squid behind firewall.. and firewall is redirecting requests from
squid too...
try this on firewall
iptables -t nat -A PREROUTING -i eth0 -s ! 192.168.1.2 -p tcp --dport
80 -j DNAT --to 192.168.1.2:3128
On 12/28/06, Menuhin Saitov [EMAIL PROTECTED] wrote:
On Thu, Dec 28, 2006 at
tor 2006-12-28 klockan 05:31 -0800 skrev zulkarnain:
Hi,
I'm having problem running transparent proxy with
squid-2.6S6 where squid is not running in the same box
with router/firewall.
transparent and not running on the router/firewall is tricky unless
one uses WCCP or similar support in the
Hi,
I have installed squid2.6.3 in freebsd 5.4 as transparent proxy. I have
setup transparent proxy through cisco router and freebs ipfw so that no
can bypass the proxy server.
When I try to browse the net without keeping the proxy address in the
browser I get the following erros;
tor 2006-05-04 klockan 23:59 +0300 skrev Sha Leir:
Same configuration works perfectly for my friend but i got problem - when i
try to open, for example, http://www.gentoo.org , squid requests
http://www.gentoo.org:1080 . I got line httpd_accel_port 0 in my squid
configuration which must
Problem with transparent proxy virtual ports
I am using squid-2.5.13 (latest version) on remote box with this
configuration:
# cat /etc/squid/squid.conf
http_port 1080
icp_port 0
acl QUERY urlpath_regex .*
no_cache deny QUERY
cache_dir aufs /var/cache/squid 32 16 256
On Sun, 13 Mar 2005, Andrew Daviel wrote:
We are running a transparent bridge on an RH7.3 machine with Linux 2.4.21
using brctl. It works fine. Squid works fine in normal mode through the
admin address of the bridge. But I can't get transparency to work.
Have you enabled the Netfilter Bridge
On Tue, 15 Mar 2005, Andrew Daviel wrote:
.. this is our production bandwidth-shaping bridge, so bringing it up and
down to try different kernels would not be too popular ...
Build yourself a small lab and experiment with. If nothing else you should
be able to find some scrap computer around
On Fri, 11 Mar 2005, Henrik Nordstrom wrote:
We'd like to configure Squid (or something else) to
control access by certain user-agents (IE) to certain URLs (the
Internet...). Ideally this would work as a transparent proxy.
Is this possible in Squid?
Yes.
See the browser and dstdomain
, January 17, 2005 1:40 PM
To: Hamed Majnoonian
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Problem on transparent proxy!
On Sat, 15 Jan 2005, Hamed Majnoonian wrote:
listening on 3128, have checked before. Squid module is up and running and
my firewall has just these two lines:
ipfw
On Sat, 15 Jan 2005, Hamed Majnoonian wrote:
listening on 3128, have checked before. Squid module is up and running and
my firewall has just these two lines:
ipfw add allow ip from any to any
ipfw add fwd 127.0.0.1,3128 tcp from any to any 80
Which won't intercept anything as the first line
I have a 4.11 box with squid [latest] on it. I want to use it as a
transparent proxy. Every setting which is necessary has been set correctly
but without setting the 3128 on my browser it doesn't work and the
access.log doesn't show anything. It seems the transparent concept is
missing with the
I have a 4.11 box with squid [latest] on it. I want to use it as a
transparent proxy. Every setting which is necessary has been set correctly
but without setting the 3128 on my browser it doesn't work and the
access.log doesn't show anything. It seems the transparent concept is
missing with the
On Wed, 7 Jan 2004, Peter Schobel wrote:
For some reason DNAT does not seem to work either - I also tried to use
the transproxy daemon and that didn't seem to work either - this
problem is really stumping me
Does it work if you configure the browser to use the proxy?
Regards
Henrik
yes
it works if i configure the proxy on port 3128 and it also works if i
configure the proxy on port 80 - so the proxy must be working and the
redirection must be working but the transparency is not working
Peter Schobel
~
On Thursday, January 8, 2004, at 02:39 AM, Henrik Nordstrom wrote:
I have a server that was running a transparent redirection proxy - i
was using 2.4.20 kernel on this system and i recently upgraded to
2.6.0.107 kernel package for redhat 9
Ever since i did the kernel upgrade the proxy does not work correctly.
As far as I know, the kernel is configured
One of the really fun things about LINUX is you get to start from scratch
every 2 years when they re-write it :-/
In a message dated 01/07/2004 1:39:57 PM Eastern Standard Time,
[EMAIL PROTECTED] writes:
I have a server that was running a transparent redirection proxy - i
was using 2.4.20
On Wed, 7 Jan 2004, Peter Schobel wrote:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
--to-port 3128
As an experiment you can try using the DNAT target instead of REDIRECT.
The iptables REDIRECT target has a nasty habit of getting broken from time
to time.
Regards
For some reason DNAT does not seem to work either - I also tried to use
the transproxy daemon and that didn't seem to work either - this
problem is really stumping me
Peter
~
On Wednesday, January 7, 2004, at 04:11 PM, Henrik Nordstrom wrote:
On Wed, 7 Jan 2004, Peter Schobel wrote:
iptables
I'm a university student which want to use squid cache and WCCPV2
with my department's router. I've follow
http://www.squid-cache.org/mail-archive/squid-users/199910/0480.html
When I dump package from gre1 it has error below
# tcpdump -i gre1
tcpdump: WARNING: arptype 778 not supported
30 matches
Mail list logo