Re: [squid-users] Transparent Proxy not working in 3.0 STable1

From: Amos Jeffries <squid3@dont-contact.us>
Date: Fri, 15 Feb 2008 11:03:39 +1300 (NZDT)

> Hi Folks,
>
> I have installed squid 3.0 stable 1 and have configured it for
> transparent mode.
>
> Somehow it doesn't seem to work correctly.
>
> When it runs, it shows that it is running in transparent mode, but then
> when HTTP requests hit the box it gives the WARNING: Transparent
> proxying not supported. The web browser shows an error page but from the
> squid itself (Error: HTTP 400 Bad Request - Invalid URL.....).
>
> When I configured the build, I used the tproxy and the netfilter options
> for transparent proxying as I wasn't sure what one I needed.

At present only one transparency option will work and build. The tproxy
configure option is for kernels patched with the TPROXY patch from balabit.
The netfilter option is for standard kernels using iptables NAT REDIRECT.

You will need to pick the one that applies to you and re-build squid.

>
> Does anyone have a clue why it will not run in transparent mode?
>
> I am pretty sure my iptables is OK

It probably is, but when configured with multiple transparency
options squid prefers the more transparent option (TPROXY is the only
completely transparent one).

It sounds like you need to drop the tproxy.

Amos

>
> Here is what the trace shows:
>
> No. Time Source Destination Protocol
> Info
> 20 12.102354 192.168.26.128 192.168.130.250 HTTP
> GET / HTTP/1.1
>
> Frame 20 (493 bytes on wire, 493 bytes captured)
> Ethernet II, Src: 00:0c:29:e8:3d:07, Dst: 00:0c:29:01:ce:bc
> Internet Protocol, Src Addr: 192.168.26.128 (192.168.26.128), Dst Addr:
> 192.168.130.250 (192.168.130.250)
> Transmission Control Protocol, Src Port: 44418 (44418), Dst Port: http
> (80), Seq: 1, Ack: 1, Len: 427
> Hypertext Transfer Protocol
> GET / HTTP/1.1\r\n
> Host: 192.168.130.250\r\n
> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1)
> Gecko/20060313 Fedora/1.5.0.1-9 Firefox/1.5.0.1 pango-text\r\n
> Accept:
> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plai
> n;q=0.8,image/png,*/*;q=0.5\r\n
> Accept-Language: en-us,en;q=0.5\r\n
> Accept-Encoding: gzip,deflate\r\n
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n
> Keep-Alive: 300\r\n
> Connection: keep-alive\r\n
> \r\n
>
> No. Time Source Destination Protocol
> Info
> 22 12.157274 192.168.130.250 192.168.26.128 HTTP
> HTTP/1.0 400 Bad Request (text/html)[Short Frame]
>
> Frame 22 (1514 bytes on wire, 500 bytes captured)
> Ethernet II, Src: 00:0c:29:01:ce:bc, Dst: 00:0c:29:e8:3d:07
> Internet Protocol, Src Addr: 192.168.130.250 (192.168.130.250), Dst
> Addr: 192.168.26.128 (192.168.26.128)
> Transmission Control Protocol, Src Port: http (80), Dst Port: 44418
> (44418), Seq: 1, Ack: 428, Len: 1448
> Hypertext Transfer Protocol
> HTTP/1.0 400 Bad Request\r\n
> Server: squid/3.0.STABLE1\r\n
> Mime-Version: 1.0\r\n
> Date: Thu, 14 Feb 2008 04:44:37 GMT\r\n
> Content-Type: text/html\r\n
> Content-Length: 1447\r\n
> Expires: Thu, 14 Feb 2008 04:44:37 GMT\r\n
> X-Squid-Error: ERR_INVALID_URL 0\r\n
> X-Cache: MISS from localhost.localdomain\r\n
> Via: 1.0 localhost.localdomain (squid/3.0.STABLE1)\r\n
> Proxy-Connection: close\r\n
> \r\n
>
> TIA
>
> Alan
>
Received on Thu Feb 14 2008 - 15:03:48 MST
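
The build conflict described in the reply can be checked from the "configure options:" line that `squid -v` prints. The script below is an added example, not part of the original thread: it assumes the "tproxy" and "netfilter" options mentioned are the Squid 3.0 configure flags `--enable-linux-tproxy` and `--enable-linux-netfilter`, and the two sample outputs are constructed.

```shell
#!/bin/sh
# Added example: classify a Squid build by the interception options it was
# configured with. Input is the text printed by `squid -v`.

# Constructed sample outputs (not taken from the thread).
SAMPLE_BOTH="Squid Cache: Version 3.0.STABLE1
configure options: '--prefix=/usr/local/squid' '--enable-linux-tproxy' '--enable-linux-netfilter'"
SAMPLE_NAT="Squid Cache: Version 3.0.STABLE1
configure options: --prefix=/usr/local/squid --enable-linux-netfilter"

# Prints one of: conflict, tproxy-only, netfilter-only, none
classify_interception_build() {
    # $1: full text of `squid -v` output
    # Keep only the option list and drop the quotes some builds print.
    opts=$(printf '%s\n' "$1" \
        | sed -n 's/^configure options:[[:space:]]*//p' \
        | tr -d "'\"")
    tproxy=no
    netfilter=no
    # Pad with spaces so each flag is matched as a whole word;
    # --disable-* and =no forms are deliberately not matched.
    case " $opts " in
        *" --enable-linux-tproxy "*|*" --enable-linux-tproxy=yes "*) tproxy=yes ;;
    esac
    case " $opts " in
        *" --enable-linux-netfilter "*|*" --enable-linux-netfilter=yes "*) netfilter=yes ;;
    esac
    case "$tproxy:$netfilter" in
        yes:yes) echo conflict ;;        # the situation in this thread
        yes:no)  echo tproxy-only ;;     # needs a TPROXY-patched kernel
        no:yes)  echo netfilter-only ;;  # standard kernel, iptables NAT REDIRECT
        *)       echo none ;;            # no interception support built in
    esac
}

# Demonstration on the constructed samples.
for sample in "$SAMPLE_BOTH" "$SAMPLE_NAT"; do
    printf 'build type: %s\n' "$(classify_interception_build "$sample")"
done
```

On a real host, pass the live output instead: `classify_interception_build "$(squid -v)"`. A result of `conflict` means the rebuild with a single option, as advised in the reply, is still pending.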
