[squid-users] squid as transparent proxy not working

From: Eric D. Hendrickson <edh@dont-contact.us>
Date: 19 Apr 2002 15:21:02 -0500

Hello,

I am trying to make squid work as a transparent proxy via my NAT box
at home, to my webserver on the LAN behind the NAT box. I am
following the HOW-TO at:

http://www.tldp.org/HOWTO/mini/TransparentProxy.html

My NAT box is a 2.2 kernel (Mandrake 7.1, eth1 == 10.10.10.1) running
squid-2.3.STABLE4-3mdk and my webserver is a 2.4 kernel (Mandrake 8.2,
10.10.10.2) running Apache. Squid is running on port 80 and so is
Apache.

Here is the output of "iptables -t nat -L" on the 2.4 box
(trantor.crystalcave.net == 10.10.10.1):

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- !trantor.crystalcave.net anywhere tcp dpt:http to:10.10.10.1:80

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 10.0.0.0/8 trantor.crystalcave.netto:10.10.10.2

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

When I try to hit squid from outside my LAN, I get a "ERROR the
requested URL could not be retrieved" and "Access Denied" in bold text
displayed, and the squid log file shows:

1019246699.218 86 206.11.112.251 TCP_MISS/403 1067 GET http://www.crystalcave.net/ - DIRECT/www.crystalcave.net text/html

The request never reaches the internal web server, of course.

The only changes I made to squid.conf are:

http_port 80
httpd_accel_host 10.10.10.2
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

I tried using "virtual" for the httpd_accel_host as the HOW-TO
suggests, but that didn't help.

Any ideas?

Thanks!
Eric Hendrickson
Received on Fri Apr 19 2002 - 14:21:15 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:37 MST