This is a discussion on Transparent Proxy Problem.... - squid ; Sorry for the repost, somehow my original post ended up being a reply to another thread (??).... Hello, hoping someone has some ideas for me... I'm probably missing something small here but I am stumped. I have set up Squid ...
Sorry for the repost, somehow my original post ended up being a reply
to another thread (??)....
Hello, hoping someone has some ideas for me... I'm probably missing
something small here but I am stumped.
I have set up Squid 2.5.STABLE5 on FreeBSD 5.2, and have everything
working great if I specify the proxy in my web browser. A while back
I had this working as a transparent proxy (by following the FAQ's),
and had to shut it down for a few weeks to work on another project.
I fired it back up, put the rules back into my firewall & to the squid
box, and now the transparent proxy will not work... Here's my config:
Client --> NAT/Firewall --> Squid Box
X.X.X.X Live IP X.X.X.Y Live IP
(default gateway) (for fetching port 80 traffic)
So the client always has to go through the NAT/Firewall, which catches
anything going to port 80 and redirects to the Squid box with this
firewall entry on the NAT/Firewall box:
ipfw add 10050 forward 10.0.0.20,8080 tcp from 10.215.0.92 to any 80
Now on the Squid box I have enabled ip firewalling in the kernel, and
added the following rules:
ipfw add 100 allow tcp from 10.0.0.20 to any (most likely not
ipfw add 400 forward 127.0.0.1,8080 log logamount 2000 tcp from any
to any 80
ipfw add 500 allow ip from any to any
So... When I use the proxy directly, everything works fine... But
when I add the firewall rules I can see the packets hitting the Squid
box when I add the LOG option to the forward command on the Squid box,
May 12 10:32:50 mysquid kernel: ipfw: 400 Forward to 127.0.0.1:8080
TCP 10.215.0.92:3491 X.X.X.X:80 in via dc0
But on the client, after a bit (sometimes long, sometimes short)
period recieves a squid generated error page which gives the error
message "Connection Failed" with the system returning "(60) Operation
timed out)". I also noticed that during the time in which the client
is trying to request the page, I get about 10-15 log entries on the
Squid box from the forwarding firewall rule on it....
Any ideas on what simple thing I've screwed up here? Any
help/comments are greatly appreciated!
Thanks in advance,