Re: [squid-users] I thought transparent proxying wasn't working. No, it's something different...

From: Denis Vlasenko <vda@dont-contact.us>
Date: Wed, 29 Jan 2003 13:34:23 +0200

On 29 January 2003 12:07, Denis Vlasenko wrote:
> As you can see, wget sends different HTTP requests with and without
> http_proxy environment variable. Seems like squid dislike this
> request: GET /
> User-Agent: Wget/1.7
> Host: www.ilyichevsk.net
> Accept: */*
> Connection: Keep-Alive
>
> Why???!!
>
> P.S. I verified that with telnet too.

BTW, I seem to never hit this code (debug_options ALL,1 22,3 33,5
but grep of 'parseHttpRequest: addr =' yields nothing in logs):

src/client_side.c
...
#if LINUX_NETFILTER
            /* If the call fails the address structure will be unchanged */
            getsockopt(conn->fd, SOL_IP, SO_ORIGINAL_DST, &conn->me, &sock_sz);
            debug(33, 5) ("parseHttpRequest: addr = %s", inet_ntoa(conn->me.sin_addr));
            if (vport_mode)
                vport = (int) ntohs(http->conn->me.sin_port);
#endif

so maybe it's indeed a transparent proxy problem...

# iptables -t nat -A PREROUTING -s 172.16.0.0/16 -p tcp --dport 80 -j REDIRECT --to 3128
# iptables -t nat -A PREROUTING -s 172.16.0.0/16 -p tcp --dport 3128 -j REDIRECT --to 3128
# iptables -t nat -A PREROUTING -s 172.16.0.0/16 -p tcp --dport 8080 -j REDIRECT --to 3128
# iptables -t nat -n -v --list

Chain PREROUTING (policy ACCEPT 1 packets, 229 bytes)
target prot opt in out source destination
REDIRECT tcp -- * * 172.16.0.0/16 0.0.0.0/0 tcp dpt:80 redir ports 3128
REDIRECT tcp -- * * 172.16.0.0/16 0.0.0.0/0 tcp dpt:3128 redir ports 3128
REDIRECT tcp -- * * 172.16.0.0/16 0.0.0.0/0 tcp dpt:8080 redir ports 3128

squid-2.5.STABLE1-20021119, was configured by:

../configure --host=i386-pc-linux-gnu \
--enable-linux-netfilter \
--enable-ssl \
--with-openssl \
--enable-default-err-language=English \
--enable-err-languages="English" \
--enable-useragent-log \
--enable-referer-log \
--enable-icmp

and compiled with GCC 3.2.

Linux 2.4.19

--
vda
Received on Wed Jan 29 2003 - 04:41:57 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:56 MST