Thanks a lot for the information. I will try this and give feedback. Best Regards
On Tue, Mar 21, 2017 at 1:00 PM, <squid-users-requ...@lists.squid-cache.org> wrote: > Send squid-users mailing list submissions to > squid-users@lists.squid-cache.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.squid-cache.org/listinfo/squid-users > or, via email, send a message with subject or body 'help' to > squid-users-requ...@lists.squid-cache.org > > You can reach the person managing the list at > squid-users-ow...@lists.squid-cache.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of squid-users digest..." > > > Today's Topics: > > 1. Re: Squid Transparent/intercept Issues (Antony Stone) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Tue, 21 Mar 2017 12:12:01 +0100 > From: Antony Stone <antony.st...@squid.open.source.it> > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Squid Transparent/intercept Issues > Message-ID: <201703211212.01346.antony.st...@squid.open.source.it> > Content-Type: Text/Plain; charset="utf-8" > > On Tuesday 21 March 2017 at 12:00:05, christian brendan wrote: > > > > Today's Topics: > > > 1. Re: Squid Transparent/intercept Issues (Antony Stone) > > > 2. Re: SMP and AUFS (Matus UHLAR - fantomas) > > > 3. Re: SMP and AUFS (Alex Rousskov) > > > 4. Re: squid workers question (Alex Rousskov) > > > 5. Re: squid workers question (Matus UHLAR - fantomas) > > > 6. Re: SSL Bump issues (Alex Rousskov) > > > 7. blocking or allowing specific youtube videos (Sohan Wijetunga) > > Please edit your reply when responding to a digest email, deleting > everything > not specific to your question. > > > > Date: Mon, 20 Mar 2017 16:56:17 +0100 > > > From: Antony Stone > > > To: squid-users@lists.squid-cache.org > > > Subject: Re: [squid-users] Squid Transparent/intercept Issues > > > > > > On Monday 20 March 2017 at 16:26:40, christian brendan wrote: > > > > Hello Everyone, > > > > > > > > Squid Cache: Version 3.5.20 > > > > OS: CentOS 7 > > > > > > > > I have used squid for quite some times non transparently and it > works, > > > > problem kicks in when: http_port 3128 transparent is enabled. > > > > Access denied error page shows up when transparent is enabled > > > > ERRORThe requested URL could not be retrieved > > > > > > How are you getting the packets to the Squid server for interception? > > > > > > Is the Squid server in the default route between your clients and the > > > Internet, or are you redirecting the packets to the Squid server > somehow? > > > > > > Please give *details* of how you are intercepting and sending the > packets > > > to Squid (eg: iptables rules, and which machine/s the rules are running > > > on). > > > > > > > > > Antony. > > > @Antony.Stone > > 1. I am using mikrotik routerboard to redirect traffic, with this rule: > > dd action=dst-nat chain=dstnat comment="Redirect port 80 to SquidProxy" > > dst-port=80 protocol=tcp \ src-address=10.24.7.100 > to-addresses=10.24.7.101 > > to-ports=3128 > > Okay, so there's your problem, then. > > You must not use DSTNAT on a separate router to send packets to Squid for > intercept. > > (This used to work in older versions of Squid, but does not work any more > and > is documented on the wiki, for example at > http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat ) > > Note the wording: "NOTE: This configuration is given for use on the squid > box." > That means the NAT rules *must* be running on the Squid box itself and not > (in > your case) on the Mikrotik router. > > > 3. It is not in default route, packets is been redirected. > > In that case you need to use policy routing to get the packets *unchanged* > to > the Squid box - see the above link, and also > http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute > > > 4. There is no iptable rules, firewall is disabled for this test. > > You have to have a REDIRECT rule on the machine running Squid to get it to > see > the packets (once they are no longer being DNATted). > > Please try to follow the guidelines at > http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat and > http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute > and > then come back to us with details of what you've tried, if there are still > problems. > > > Regards, > > > Antony. > > -- > A user interface is like a joke. > If you have to explain it, it didn't work. > > Please reply to the > list; > please *don't* CC > me. > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > > > ------------------------------ > > End of squid-users Digest, Vol 31, Issue 61 > ******************************************* >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
