Hi,
I haven't used the 2.4.0 kernel, nor iptables, but I would guess that since you are redirecting ANY output intended for port 80 to port 3128, your proxy's requests are being forwarded back to it! A solution (using ipchains) would be to redirect only forwarded traffic... Just a thought...
Joel Gerber wrote:
> It seems as if my transparent caching setup for squid under Linux
> 2.4.0-test9 is doing some weird and wonderful things. I've been
> debugging my configuration a bit, and I'm pretty positive that my
> netfilter rules are fine. The various netfilter rules I tried are
> below:
>
> iptables -A OUTPUT -t nat -p tcp --dport 80 -j REDIRECT --to-port 3128
> iptables -A OUTPUT -t nat -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 --dport 80 -j DNAT --to my.ip.address.num:3128
>
> My squid.conf file has the following lines for transparent caching
> support:
>
> http_port 3128
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
>
> Every time I try to access a webpage on the local router/proxy
> server, I get a weird and wonderful error as below:
>
> While trying to retrieve the URL: http://www.cnn.com/
>
> The following error was encountered:
> * Access Denied.
> Access control configuration prevents your request from being allowed at this time.
> Please contact your service provider if you feel this is incorrect.
>
> I've tried looking at cache.log and it gives an error like so:
>
> 2000/10/31 22:44:20| WARNING: Forwarding loop detected for:
> GET / HTTP/1.0
> Accept: text/html, text/plain, text/sgml, video/mpeg, image/jpeg, image/tiff, image/x-rgb, image/png, image/x-xbitmap, image/x-xbm, image/gif, application/postscript, */*;q=0.01
> Accept-Encoding: gzip, compress
> Accept-Language: en
> User-Agent: Lynx/2.8.3rel.1 libwww-FM/2.14
> Via: 1.0 my.hostname:3128 (Squid/2.3.STABLE4)
> X-Forwarded-For: 127.0.0.1
> Host: www.cnn.com
> Cache-Control: max-age=259200
> Connection: keep-alive
>
> From the error message I assume that there is some type
> of looping action going on, but I'm not sure where it's coming
> from. I have another squid server setup for transparent caching
> through a CISCO router, with a very similar setup (except using WCCP
> of course), and it works fine, so I'm pretty sure my configuration
> is *mostly* right, though there is obviously something wrong here.
>
> Any help would be graciously accepted. Thanks for your help!
>
> From: Joel Gerber <joelg@pentaventures.com>
> ------------------------------------------------------------------
> Isaiah 1:18 - Come now, and let us reason together, saith the
> Lord: though your sins be as scarlet, they shall be as white as
> snow; though they be red like crimson, they shall be as wool.
> ------------------------------------------------------------------
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
--
-------------------------------------------
João Neves
joao@fabricadeideias.com
Fabrica de Ideias
sbs - ed. empire center - bl. s - sala 109
cep 70070-904 - brasilia-df - brazil
tel: (61) 321 1357 fax: (61) 321 6096
-------------------------------------------
Received on Wed Nov 01 2000 - 04:55:13 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:12 MST
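
Added example, not part of the original messages: a small Python check that flags nat rules on the OUTPUT chain which send locally generated port-80 traffic, the proxy's own requests included, back to the proxy port, as the reply above guesses. The PREROUTING rule, the `eth0` interface and the `squid` user in the owner-match exclusion are assumptions made for illustration.

```python
import shlex

PROXY_PORT = "3128"  # squid http_port from the quoted squid.conf

# The two rules quoted in the message above.
PAGE_RULES = [
    "iptables -A OUTPUT -t nat -p tcp --dport 80 -j REDIRECT --to-port 3128",
    "iptables -A OUTPUT -t nat -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 --dport 80 "
    "-j DNAT --to my.ip.address.num:3128",
]
# Constructed alternatives; eth0 (LAN interface) and the squid user are assumptions.
FIXED_RULES = [
    "iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128",
    "iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner squid "
    "-j REDIRECT --to-port 3128",
]

def parse_rule(line):
    """Pull out the options that decide whether a rule can catch the proxy itself."""
    tok = shlex.split(line)
    rule = {"table": "filter", "chain": None, "dport": None,
            "target": None, "to": None, "owner_excluded": False}
    for cur, nxt in zip(tok, tok[1:] + [None]):
        if cur in ("-A", "-I"):
            rule["chain"] = nxt
        elif cur == "-t":
            rule["table"] = nxt
        elif cur == "--dport":
            rule["dport"] = nxt
        elif cur == "-j":
            rule["target"] = nxt
        elif cur in ("--to", "--to-port", "--to-ports", "--to-destination"):
            rule["to"] = nxt
        elif cur == "!" and nxt in ("--uid-owner", "--gid-owner"):
            rule["owner_excluded"] = True
    return rule

def loops_back(rule):
    """True if locally generated port-80 traffic, squid's included, is sent to squid."""
    return (rule["table"] == "nat" and rule["chain"] == "OUTPUT"
            and rule["target"] in ("REDIRECT", "DNAT")
            and rule["dport"] == "80"
            and (rule["to"] or "").rsplit(":", 1)[-1] == PROXY_PORT
            and not rule["owner_excluded"])

def audit(lines):
    """Return the rule lines that would feed the proxy's own requests back to it."""
    return [line for line in lines if loops_back(parse_rule(line))]
```

The check treats any DNAT target ending in the proxy port as pointing at the local proxy, which matches the quoted rule but would need an address comparison on a host that forwards to a remote cache.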