Thanks a lot Rafael, I've gone through the documentation and it looks to be very promising. One reservation I have is that I want to use GreasySpoon for ICAP and I see eCAP is implemented already. I intend to install everything as suggested on the link, then after this change squid.conf to remove the eCAP connection. Please, I hope this will work?

Thanks a lot again for the link, it really explained everything well enough for a beginner.

Uchenna Nebedum

On Fri, Oct 19, 2018, 18:30 Rafael Akchurin <rafael.akchu...@diladele.com> wrote:

> Hello Uchenna,
>
> Maybe this policy based routing with Mikrotik tutorial will be of any use.
> See https://docs.diladele.com/tutorials/mikrotik_transparent_squid/index.html
>
> Best regards,
> Rafael Akchurin
> Diladele B.V.
>
> *From:* squid-users <squid-users-boun...@lists.squid-cache.org> *On Behalf Of* Uchenna Nebedum
> *Sent:* Friday, 19 October 2018 18:42
> *To:* squid-users@lists.squid-cache.org
> *Subject:* [squid-users] ERROR: NAT/TPROXY lookup failed to locate original IPs on local
>
> Good Day All,
>
> I'm new to squid and I have configured squid as an http transparent proxy with a mikrotik.
>
> The squid server has only a single NIC, so I followed a tutorial and set up a dst-nat to squid proxy for traffic on port 80:
>
> Chain:dstnat.
> Protocol:tcp
> Dst-port:80
> Action:dst-nat
> To Addresses:192.168.2.2 (squid proxy)
> To ports:8080
>
> But after setup, only https traffic works correctly.
>
> The http traffic client error is "This page isn't working ERR_EMPTY_RESPONSE".
>
> The squid access.log is empty, then in squid cache.log these are the errors:
>
> ```
> 2018/10/19 17:08:54 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.2.2:8080 remote=192.168.1.254:41248 FD 10 flags=33: (92) Protocol not available
> 2018/10/19 17:08:54 kid1| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.2.2:8080 remote=192.168.1.254:41248 FD 10 flags=33
> ```
>
> Please find below my squid.conf contents:
>
> ```
> acl localnet src 192.168.1.0/24
> acl SSL_ports port 443
> acl Safe_ports port 80
> acl Safe_ports port 21
> acl Safe_ports port 443
> acl Safe_ports port 70
> acl Safe_ports port 210
> acl Safe_ports port 1025-65535
> acl Safe_ports port 280
> acl Safe_ports port 488
> acl Safe_ports port 591
> acl Safe_ports port 777
> acl CONNECT method CONNECT
> icap_enable off
> icap_service service_req reqmod_precache 1 icap://127.0.0.1:1344/REQMOD
> adaptation_service_set class_req service_req
> adaptation_access class_req allow all
> icap_service service_resp respmod_precache 0 icap://127.0.0.1:1344/RESPMOD
> adaptation_service_set class_resp service_resp
> adaptation_access class_resp allow all
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost manager
> http_access deny manager
> http_access deny to_localhost
> http_access allow localnet
> http_access allow localhost
> http_access allow all
> http_port 3128
> http_port 8080 transparent
> access_log daemon:/var/log/squid/access.log squid
> coredump_dir /var/spool/squid
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
> refresh_pattern . 0 20% 4320
> ```
>
> Please, any help or correction would be highly appreciated; I am not even sure if the approach is correct.
>
> --
> Nebedum Uchenna