squid 3.3.8 and ubuntu 15.04 server

2015-06-24 15:04 GMT+03:00 Yuri Voinov <yvoi...@gmail.com>:
> Squid 3.5.x?
>
> 24.06.15 18:03, Dalmar wrote:
>
> Hi,
> For over two weeks I have been having a real headache configuring squid
> transparent/intercept.
> I have tried different options and configurations but I couldn't get it to
> work.
> I think the problem lies in the iptables / NAT but I really couldn't
> solve it.
> I have tried different iptables rules including the intercept linuxDnat -
> sysctl configuration, but it didn't work.
>
> # your proxy IP
> SQUIDIP=X.X.X.X
>
> # your proxy listening port
> SQUIDPORT=XXXX
>
> iptables -t nat -A PREROUTING -s $SQUIDIP -p tcp --dport 80 -j ACCEPT
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination $SQUIDIP:$SQUIDPORT
> iptables -t nat -A POSTROUTING -j MASQUERADE
> iptables -t mangle -A PREROUTING -p tcp --dport $SQUIDPORT -j DROP
>
> I have to say that squid works well when I configure it in the client
> browsers.
>
> On the mikrotik side, I am using DST-NAT chain port 80 pro TCP action
> DST-NAT to address squidIP and Port
>
> I am using ubuntu server 15.04 with squid 3.3.8, and this is my
> configuration and the errors I get:
>
>                  ------ eth0 WAN <----- MAIN WAN Public IP
> Internet > MK---|
>                  ------ eth1 LAN
>                 |
>                  ------ eth2 Proxy
>
>          ------ eth0 WAN ---> Public IP --> Internet --> gets internet from 24online / another Mikrotik
> Squid---|
>          ------ eth1 Proxy
>         |
>          ------ eth2 webmin --> For server Management
>
> -error1: if no intercept/transparent and no iptables is configured
>    -Invalid URL - The requested url could not be retrieved
>    -but if proxy is configured in the user browser - it works!
>
> -error2: if intercept and iptables DNAT is configured
>    -Access Denied and in the access log TCP-MISS/403
>    -no forward proxy port configured
>    -security alert : host header forgery detected on local=SquidIP:8080 remote:mikrotikIP (local ip does not match any domain name)
>    -warning : forwarding loop detected (x-Forwarded-for mikrotik lan IP)
>
> squid.conf
>
> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost manager
> http_access deny manager
> http_access allow localnet
> http_access allow localhost
> http_access deny all
> http_port 8080
> http_port 8181
> cache_mem 2000 MB
> cache_dir ufs /var/spool/squid3 100000 16 256
> coredump_dir /var/spool/squid3
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
> refresh_pattern . 0 20% 4320
> cache_effective_user proxy
> cache_effective_group proxy
>
> ----------------------------------------
> I am really confused, can anyone guide me please.
> Thanks in advance
>
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
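Added example, not part of the thread and not Squid project code: a small Python check for the conditions behind the messages quoted above. Squid only treats a port as NAT-intercepted when its `http_port` line carries the `intercept` flag, it still expects one forward-proxy port, and the DNAT has to happen on the Squid host itself, because a DST-NAT done on another router leaves Squid seeing its own address as the destination (the "host header forgery" and "forwarding loop" messages). The function name, finding texts and the 192.0.2.x addresses are constructed for illustration.

```python
import re

# Constructed sample inputs. The http_port lines mirror the posted squid.conf;
# the 192.0.2.x addresses and the rule text are placeholders, not from the thread.
POSTED_CONF = "http_port 8080\nhttp_port 8181\n"
FIXED_CONF = "http_port 8080\nhttp_port 8181 intercept\n"
ROUTER_RULES = ["-A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.0.2.10:8080"]
SQUID_RULES = ["-A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.0.2.10:8181"]


def lint_intercept(squid_conf, nat_rules, local_ips):
    """Return findings for a Squid NAT-interception setup.

    squid_conf: text of squid.conf
    nat_rules:  iptables-save style nat rules from the host being checked
    local_ips:  addresses owned by that same host
    """
    findings = []
    ports = {}  # listening port -> set of option words on that http_port line
    for line in squid_conf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 2 and words[0] == "http_port":
            ports[words[1].rsplit(":", 1)[-1]] = set(words[2:])
    intercept = {p for p, opts in ports.items() if "intercept" in opts}
    if not intercept:
        findings.append("no http_port has the intercept flag")
    if not set(ports) - intercept:
        findings.append("no forward-proxy http_port left for direct use")
    for rule in nat_rules:
        m = re.search(r"-j DNAT --to-destination (\S+):(\d+)", rule)
        if not m:
            continue
        ip, port = m.groups()
        if ip not in local_ips:
            # DNAT on a different box hides the original destination from Squid
            findings.append(f"DNAT to {ip} is not local: NAT must run on the Squid host")
        elif port not in intercept:
            findings.append(f"DNAT targets port {port}, which is not an intercept port")
    return findings


if __name__ == "__main__":
    # Posted layout: rules evaluated on the router (192.0.2.1), proxy elsewhere
    print(lint_intercept(POSTED_CONF, ROUTER_RULES, {"192.0.2.1"}))
    # Corrected layout: DNAT on the Squid host itself, to the intercept port
    print(lint_intercept(FIXED_CONF, SQUID_RULES, {"192.0.2.10"}))
```

With the DNAT moved to the Squid host, the router has to route (not NAT) port 80 traffic to the proxy so the original destination address survives.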