Transparent Proxy Problem....

05-13-2004
Mike Haney

Sorry for the repost, somehow my original post ended up being a reply
to another thread (??)....


Hello, hoping someone has some ideas for me... I'm probably missing
something small here but I am stumped.

I have set up Squid 2.5.STABLE5 on FreeBSD 5.2, and have everything
working great if I specify the proxy in my web browser. A while back
I had this working as a transparent proxy (by following the FAQs),
and had to shut it down for a few weeks to work on another project.

I fired it back up, put the rules back into my firewall & to the squid
box, and now the transparent proxy will not work... Here's my config:

Client          --> NAT/Firewall       --> Squid Box
10.215.0.92/24      10.215.0.1/24
                    10.0.0.0/24            10.0.0.20/24
                    X.X.X.X Live IP        X.X.X.Y Live IP
                    (default gateway)      (for fetching port 80 traffic)

So the client always has to go through the NAT/Firewall, which catches
anything going to port 80 and redirects to the Squid box with this
firewall entry on the NAT/Firewall box:
ipfw add 10050 forward 10.0.0.20,8080 tcp from 10.215.0.92 to any 80

Now on the Squid box I have enabled ip firewalling in the kernel, and
added the following rules:
ipfw add 100 allow tcp from 10.0.0.20 to any   (most likely not useful?)
ipfw add 400 forward 127.0.0.1,8080 log logamount 2000 tcp from any to any 80
ipfw add 500 allow ip from any to any

So... When I use the proxy directly, everything works fine... But
when I add the firewall rules I can see the packets hitting the Squid
box when I add the LOG option to the forward command on the Squid box,
which produces:
May 12 10:32:50 mysquid kernel: ipfw: 400 Forward to 127.0.0.1:8080 TCP 10.215.0.92:3491 X.X.X.X:80 in via dc0

But the client, after a (sometimes long, sometimes short) period,
receives a Squid-generated error page which gives the error
message "Connection Failed" with the system returning "(60) Operation
timed out". I also noticed that during the time in which the client
is trying to request the page, I get about 10-15 log entries on the
Squid box from the forwarding firewall rule on it....

Any ideas on what simple thing I've screwed up here? Any
help/comments are greatly appreciated!

Thanks in advance,
Mike
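
The following is an added example, not part of the original post: a simplified first-match model of the three ipfw rules listed for the Squid box, showing which rule different packets would hit. The addresses 192.0.2.10 (standing in for the masked X.X.X.Y), 198.51.100.7 and 198.51.100.53 are constructed placeholders, and only the fields these rules test are modelled.

```python
# Simplified first-match model of the three ipfw rules on the Squid box.
# Only protocol, source address and destination port are modelled; the
# posted rules carry no in/out qualifier, so direction is ignored.
from collections import namedtuple

Packet = namedtuple("Packet", "proto src dst dport")
Rule = namedtuple("Rule", "num action proto src dport")

# Rules as posted; None means "any".
RULES = [
    Rule(100, "allow", "tcp", "10.0.0.20", None),
    Rule(400, "forward 127.0.0.1,8080", "tcp", None, 80),
    Rule(500, "allow", "ip", None, None),
]

def first_match(pkt, rules=RULES):
    """Return the first rule matching pkt, scanning in rule-number order."""
    for rule in sorted(rules, key=lambda r: r.num):
        if rule.proto not in ("ip", pkt.proto):
            continue
        if rule.src is not None and rule.src != pkt.src:
            continue
        if rule.dport is not None and rule.dport != pkt.dport:
            continue
        return rule
    return None

# Constructed sample packets. 192.0.2.10 stands in for the masked X.X.X.Y
# address and 198.51.100.x for outside servers (both are assumptions).
SAMPLES = {
    "client request redirected by the NAT box": Packet("tcp", "10.215.0.92", "198.51.100.7", 80),
    "Squid fetch sourced from 10.0.0.20": Packet("tcp", "10.0.0.20", "198.51.100.7", 80),
    "Squid fetch sourced from the live IP": Packet("tcp", "192.0.2.10", "198.51.100.7", 80),
    "origin reply to Squid": Packet("tcp", "198.51.100.7", "192.0.2.10", 40000),
    "DNS query from Squid": Packet("udp", "192.0.2.10", "198.51.100.53", 53),
}

def classify(samples=SAMPLES):
    """Map each sample description to the number of the rule it hits."""
    return {name: first_match(pkt).num for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, num in classify().items():
        print(f"rule {num:>3}  {name}")
```

The per-rule packet counters printed by `ipfw show` on the Squid box can be compared against this mapping.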