I'm trying to make squid work as a transparent proxy on CentOS; the squid version is 
3.2.0.12, with ecap enabled.
The problem is that squid doesn't work on the transparent port and responds on the 
non-transparent port.

I've simplified the configuration as much as possible to exclude access errors.
Here's my squid.conf:

http_port 13128 intercept
http_port 13129
acl our_networks src 1.2.3.0/24
acl localnet src 127.0.0.1/24
http_access allow all
http_access allow our_networks
http_access allow localnet

cache_mem 0 MB
cache deny all

#end of squid.config

1.2.3.0 is my client IP, but I do stuff on the server and it shouldn't matter because of 
"allow all". I tried both "intercept" and "transparent".
With this config squid works on 13129 - I check it by telnet 127.0.0.1 13129, 
then GET - I get the html of the squid error page, which means squid is alive and 
listening. Also a browser request from my client machine from outside is served.
But when I telnet 127.0.0.1 13128, a curious thing happens:

Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Connection closed by foreign host.

That is, the port is listened to and the connection happens, but it's closed 
immediately. Same if I use an IP other than 127.0.0.1.

I have been able to configure squid as a transparent proxy on Ubuntu and Ubuntu 
server, but now the staging environment has CentOS, and I've been fighting it for 
several days now.
Just in case, I'm also attaching iptables.

[root@host13516 etc]# iptables-save
# Generated by iptables-save v1.3.5 on Tue Oct 18 03:52:54 2011
*mangle
:PREROUTING ACCEPT [1490:127866]
:INPUT ACCEPT [1490:127866]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1391:507115]
:POSTROUTING ACCEPT [1391:507115]
COMMIT
# Completed on Tue Oct 18 03:52:54 2011
# Generated by iptables-save v1.3.5 on Tue Oct 18 03:52:54 2011
*filter
:INPUT ACCEPT [1490:127866]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1391:507115]
COMMIT
# Completed on Tue Oct 18 03:52:54 2011


Maybe it's something about how squid was compiled? But I thought iptables 
support is enabled by default.

I humbly ask for help.
