Setup: VPN <--> SQUID (both in Amazon EC2 classic instances, not VPC)
1) SQUID works fine by itself when I tried by configuring the browser (and
before setting SQUID as transparent proxy).
2) VPN (strongswan) works fine by itself as well.
Now I added a few iptables rules to route traffic to SQUID and back.
//used these guide (applied all rules from first link, and loop back rule
from second link, in the sec box of the page):
http://www.linuxdocs.org/HOWTOs/mini/TransparentProxy-6.html
http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute
Behavior (iphone connect to VPN and browse the net; same behavior if
connected directly to proxy):
1) when I set in intercept mode, I see whole URL and I get access denied. In
access.log:
<VPN IP> TCP_MISS/403 4424 GET http://www.cnn.com/ - HIER_NONE/- text/html
<VPN IP> TCP_MISS/403 4515 GET http://www.cnn.com/ - HIER_DIRECT/<SQUID IP>
text/html
cache.log:
Referer: http://www.cnn.com/
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_2 like Mac OS X)
AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A501
Safari/9537.53
Via: 1.1 ip-<SQUID IP> (squid/3.3.9-20131010-r12634)
Cache-Control: max-age=0
Connection: keep-alive
2) when I set to default mode (just port info), I get invalid URL. hostname
information is missing.
access.log - <VPN IP> NONE/400 3544 GET / - HIER_NONE/- text/html
cache.log - <empty>
//squid.conf
forwarded_for transparent
cache_effective_user proxy
http_port 3130 intercept
http_port 3128
debug_options ALL,1
forward_max_tries 25
I have no idea where the problem is.
Thanks
Received on Wed Oct 23 2013 - 18:50:11 MDT
This archive was generated by hypermail 2.2.0 : Sat Oct 26 2013 - 12:00:06 MDT