One more thing, Does this implies using two NICs (Network Interface Cards)? And the squid server has to be in-between clients and the internet?
Regards On Tue, Mar 21, 2017 at 5:29 PM, christian brendan < bosscb.chrisb...@gmail.com> wrote: > Thanks a lot for the information. > I will try this and give feedback. > Best Regards > > On Tue, Mar 21, 2017 at 1:00 PM, <squid-users-request@lists. > squid-cache.org> wrote: > >> Send squid-users mailing list submissions to >> squid-users@lists.squid-cache.org >> >> To subscribe or unsubscribe via the World Wide Web, visit >> http://lists.squid-cache.org/listinfo/squid-users >> or, via email, send a message with subject or body 'help' to >> squid-users-requ...@lists.squid-cache.org >> >> You can reach the person managing the list at >> squid-users-ow...@lists.squid-cache.org >> >> When replying, please edit your Subject line so it is more specific >> than "Re: Contents of squid-users digest..." >> >> >> Today's Topics: >> >> 1. Re: Squid Transparent/intercept Issues (Antony Stone) >> >> >> ---------------------------------------------------------------------- >> >> Message: 1 >> Date: Tue, 21 Mar 2017 12:12:01 +0100 >> From: Antony Stone <antony.st...@squid.open.source.it> >> To: squid-users@lists.squid-cache.org >> Subject: Re: [squid-users] Squid Transparent/intercept Issues >> Message-ID: <201703211212.01346.antony.st...@squid.open.source.it> >> Content-Type: Text/Plain; charset="utf-8" >> >> On Tuesday 21 March 2017 at 12:00:05, christian brendan wrote: >> >> > > Today's Topics: >> > > 1. Re: Squid Transparent/intercept Issues (Antony Stone) >> > > 2. Re: SMP and AUFS (Matus UHLAR - fantomas) >> > > 3. Re: SMP and AUFS (Alex Rousskov) >> > > 4. Re: squid workers question (Alex Rousskov) >> > > 5. Re: squid workers question (Matus UHLAR - fantomas) >> > > 6. Re: SSL Bump issues (Alex Rousskov) >> > > 7. blocking or allowing specific youtube videos (Sohan Wijetunga) >> >> Please edit your reply when responding to a digest email, deleting >> everything >> not specific to your question. >> >> > > Date: Mon, 20 Mar 2017 16:56:17 +0100 >> > > From: Antony Stone >> > > To: squid-users@lists.squid-cache.org >> > > Subject: Re: [squid-users] Squid Transparent/intercept Issues >> > > >> > > On Monday 20 March 2017 at 16:26:40, christian brendan wrote: >> > > > Hello Everyone, >> > > > >> > > > Squid Cache: Version 3.5.20 >> > > > OS: CentOS 7 >> > > > >> > > > I have used squid for quite some times non transparently and it >> works, >> > > > problem kicks in when: http_port 3128 transparent is enabled. >> > > > Access denied error page shows up when transparent is enabled >> > > > ERRORThe requested URL could not be retrieved >> > > >> > > How are you getting the packets to the Squid server for interception? >> > > >> > > Is the Squid server in the default route between your clients and the >> > > Internet, or are you redirecting the packets to the Squid server >> somehow? >> > > >> > > Please give *details* of how you are intercepting and sending the >> packets >> > > to Squid (eg: iptables rules, and which machine/s the rules are >> running >> > > on). >> > > >> > > >> > > Antony. >> >> > @Antony.Stone >> > 1. I am using mikrotik routerboard to redirect traffic, with this rule: >> > dd action=dst-nat chain=dstnat comment="Redirect port 80 to SquidProxy" >> > dst-port=80 protocol=tcp \ src-address=10.24.7.100 >> to-addresses=10.24.7.101 >> > to-ports=3128 >> >> Okay, so there's your problem, then. >> >> You must not use DSTNAT on a separate router to send packets to Squid for >> intercept. >> >> (This used to work in older versions of Squid, but does not work any more >> and >> is documented on the wiki, for example at >> http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat ) >> >> Note the wording: "NOTE: This configuration is given for use on the squid >> box." >> That means the NAT rules *must* be running on the Squid box itself and >> not (in >> your case) on the Mikrotik router. >> >> > 3. It is not in default route, packets is been redirected. >> >> In that case you need to use policy routing to get the packets >> *unchanged* to >> the Squid box - see the above link, and also >> http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute >> >> > 4. There is no iptable rules, firewall is disabled for this test. >> >> You have to have a REDIRECT rule on the machine running Squid to get it >> to see >> the packets (once they are no longer being DNATted). >> >> Please try to follow the guidelines at >> http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat and >> http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute >> and >> then come back to us with details of what you've tried, if there are still >> problems. >> >> >> Regards, >> >> >> Antony. >> >> -- >> A user interface is like a joke. >> If you have to explain it, it didn't work. >> >> Please reply to the >> list; >> please *don't* >> CC me. >> >> >> ------------------------------ >> >> Subject: Digest Footer >> >> _______________________________________________ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> http://lists.squid-cache.org/listinfo/squid-users >> >> >> ------------------------------ >> >> End of squid-users Digest, Vol 31, Issue 61 >> ******************************************* >> > >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
