* transparent proxy
@ 2005-02-03 12:30 Luca Ferrari
2005-02-03 15:58 ` Jens Knoell
0 siblings, 1 reply; 6+ messages in thread
From: Luca Ferrari @ 2005-02-03 12:30 UTC (permalink / raw)
To: linux-admin
Hi,
I'm trying to use a machine as a transparent firewall/proxy, using iptables as
described in the transparent proxy mini howto:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port
8080
where eth0 is my internal interface (eth1 is connected directly to the
router). Now, when I try to browse the web, i always get the squid error page
saying that the url "/" cannot be retrieved. For example, going to
www.google.com is translated as /.
Any idea?
Thanks,
Luca
--
Luca Ferrari,
fluca1978@infinito.it
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: transparent proxy
2005-02-03 12:30 transparent proxy Luca Ferrari
@ 2005-02-03 15:58 ` Jens Knoell
2005-02-05 18:22 ` Andreas Unterkircher
0 siblings, 1 reply; 6+ messages in thread
From: Jens Knoell @ 2005-02-03 15:58 UTC (permalink / raw)
To: Luca Ferrari; +Cc: linux-admin
Luca Ferrari wrote:
>Hi,
>I'm trying to use a machine as a transparent firewall/proxy, using iptables as
>described in the transparent proxy mini howto:
>iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port
>8080
>
>where eth0 is my internal interface (eth1 is connected directly to the
>router). Now, when I try to browse the web, i always get the squid error page
>saying that the url "/" cannot be retrieved. For example, going to
>www.google.com is translated as /.
>Any idea?
>
>Thanks,
>Luca
>
>
That sounds like a faulty squid configuration. What does squids logfile say?
Jen
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: transparent proxy
2005-02-03 15:58 ` Jens Knoell
@ 2005-02-05 18:22 ` Andreas Unterkircher
2005-02-05 19:42 ` Adrian C.
0 siblings, 1 reply; 6+ messages in thread
From: Andreas Unterkircher @ 2005-02-05 18:22 UTC (permalink / raw)
To: linux-admin; +Cc: Luca Ferrari
Don't know if you still have this problem. But maybe you are missing
some lines in your squid configuration.
You must tell squid, that it should act als httpd accellerator...
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Jens Knoell wrote:
> Luca Ferrari wrote:
>
>> Hi,
>> I'm trying to use a machine as a transparent firewall/proxy, using
>> iptables as described in the transparent proxy mini howto:
>> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
>> --to-port 8080
>>
>> where eth0 is my internal interface (eth1 is connected directly to
>> the router). Now, when I try to browse the web, i always get the
>> squid error page saying that the url "/" cannot be retrieved. For
>> example, going to www.google.com is translated as /.
>> Any idea?
>>
>> Thanks,
>> Luca
>>
>>
> That sounds like a faulty squid configuration. What does squids
> logfile say?
>
> Jen
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: transparent proxy
2005-02-05 18:22 ` Andreas Unterkircher
@ 2005-02-05 19:42 ` Adrian C.
2005-02-05 20:22 ` Andreas Unterkircher
0 siblings, 1 reply; 6+ messages in thread
From: Adrian C. @ 2005-02-05 19:42 UTC (permalink / raw)
To: Andreas Unterkircher; +Cc: linux-admin, Luca Ferrari
Don't know why but all of my squid accel ateempts turned out pretty
unstable (as in crash for no apparent reason). I have tried both squid
2.5 and 3.0. Maybe you guys had more luck than me. Is there something
i miss? Without the httpd_accel it works fine.
--Adrian.
On Sat, 05 Feb 2005 19:22:22 +0100, Andreas Unterkircher
<unki@netshadow.at> wrote:
> Don't know if you still have this problem. But maybe you are missing
> some lines in your squid configuration.
> You must tell squid, that it should act als httpd accellerator...
>
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
>
> Jens Knoell wrote:
>
> > Luca Ferrari wrote:
> >
> >> Hi,
> >> I'm trying to use a machine as a transparent firewall/proxy, using
> >> iptables as described in the transparent proxy mini howto:
> >> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
> >> --to-port 8080
> >>
> >> where eth0 is my internal interface (eth1 is connected directly to
> >> the router). Now, when I try to browse the web, i always get the
> >> squid error page saying that the url "/" cannot be retrieved. For
> >> example, going to www.google.com is translated as /.
> >> Any idea?
> >>
> >> Thanks,
> >> Luca
> >>
> >>
> > That sounds like a faulty squid configuration. What does squids
> > logfile say?
> >
> > Jen
> > -
> > To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: transparent proxy
2005-02-05 19:42 ` Adrian C.
@ 2005-02-05 20:22 ` Andreas Unterkircher
2005-02-05 20:47 ` Andreas Unterkircher
0 siblings, 1 reply; 6+ messages in thread
From: Andreas Unterkircher @ 2005-02-05 20:22 UTC (permalink / raw)
To: linux-admin; +Cc: Adrian C., Luca Ferrari
i'm currently using squid 2.5.7 from debian sid with ldap authentication
and redirectors (squidGuard and antivirus
scanning) - have no problem with this - also in transparent-proxy mode.
as far as i know you must (?) use these options in the squid.conf,
because squid has to passthru the http-headers
of the client - has something todo with http/1.1 I guess. more infos
you can find here:
http://squid-docs.sourceforge.net/latest/book-full.html#AEN2457
Andreas
Adrian C. wrote:
>Don't know why but all of my squid accel ateempts turned out pretty
>unstable (as in crash for no apparent reason). I have tried both squid
>2.5 and 3.0. Maybe you guys had more luck than me. Is there something
>i miss? Without the httpd_accel it works fine.
>
>--Adrian.
>
>
>On Sat, 05 Feb 2005 19:22:22 +0100, Andreas Unterkircher
><unki@netshadow.at> wrote:
>
>
>>Don't know if you still have this problem. But maybe you are missing
>>some lines in your squid configuration.
>>You must tell squid, that it should act als httpd accellerator...
>>
>>httpd_accel_host virtual
>>httpd_accel_port 80
>>httpd_accel_with_proxy on
>>httpd_accel_uses_host_header on
>>
>>Jens Knoell wrote:
>>
>>
>>
>>>Luca Ferrari wrote:
>>>
>>>
>>>
>>>>Hi,
>>>>I'm trying to use a machine as a transparent firewall/proxy, using
>>>>iptables as described in the transparent proxy mini howto:
>>>>iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
>>>>--to-port 8080
>>>>
>>>>where eth0 is my internal interface (eth1 is connected directly to
>>>>the router). Now, when I try to browse the web, i always get the
>>>>squid error page saying that the url "/" cannot be retrieved. For
>>>>example, going to www.google.com is translated as /.
>>>>Any idea?
>>>>
>>>>Thanks,
>>>>Luca
>>>>
>>>>
>>>>
>>>>
>>>That sounds like a faulty squid configuration. What does squids
>>>logfile say?
>>>
>>>Jen
>>>-
>>>To unsubscribe from this list: send the line "unsubscribe linux-admin" in
>>>the body of a message to majordomo@vger.kernel.org
>>>More majordomo info at http://vger.kernel.org/majordomo-info.html
>>>
>>>
>>-
>>To unsubscribe from this list: send the line "unsubscribe linux-admin" in
>>the body of a message to majordomo@vger.kernel.org
>>More majordomo info at http://vger.kernel.org/majordomo-info.html
>>
>>
>>
>-
>To unsubscribe from this list: send the line "unsubscribe linux-admin" in
>the body of a message to majordomo@vger.kernel.org
>More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: transparent proxy
2005-02-05 20:22 ` Andreas Unterkircher
@ 2005-02-05 20:47 ` Andreas Unterkircher
0 siblings, 0 replies; 6+ messages in thread
From: Andreas Unterkircher @ 2005-02-05 20:47 UTC (permalink / raw)
To: linux-admin; +Cc: Adrian C.
before someone asks - authentication naturally not working (and can't be
used) within transparent-proxy mode :)
Andreas Unterkircher wrote:
> i'm currently using squid 2.5.7 from debian sid with ldap
> authentication and redirectors (squidGuard and antivirus
> scanning) - have no problem with this - also in transparent-proxy mode.
>
> as far as i know you must (?) use these options in the squid.conf,
> because squid has to passthru the http-headers
> of the client - has something todo with http/1.1 I guess. more infos
> you can find here:
>
> http://squid-docs.sourceforge.net/latest/book-full.html#AEN2457
>
> Andreas
>
> Adrian C. wrote:
>
>> Don't know why but all of my squid accel ateempts turned out pretty
>> unstable (as in crash for no apparent reason). I have tried both squid
>> 2.5 and 3.0. Maybe you guys had more luck than me. Is there something
>> i miss? Without the httpd_accel it works fine.
>>
>> --Adrian.
>>
>>
>> On Sat, 05 Feb 2005 19:22:22 +0100, Andreas Unterkircher
>> <unki@netshadow.at> wrote:
>>
>>
>>> Don't know if you still have this problem. But maybe you are missing
>>> some lines in your squid configuration.
>>> You must tell squid, that it should act als httpd accellerator...
>>>
>>> httpd_accel_host virtual
>>> httpd_accel_port 80
>>> httpd_accel_with_proxy on
>>> httpd_accel_uses_host_header on
>>>
>>> Jens Knoell wrote:
>>>
>>>
>>>
>>>> Luca Ferrari wrote:
>>>>
>>>>
>>>>
>>>>> Hi,
>>>>> I'm trying to use a machine as a transparent firewall/proxy, using
>>>>> iptables as described in the transparent proxy mini howto:
>>>>> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
>>>>> --to-port 8080
>>>>>
>>>>> where eth0 is my internal interface (eth1 is connected directly to
>>>>> the router). Now, when I try to browse the web, i always get the
>>>>> squid error page saying that the url "/" cannot be retrieved. For
>>>>> example, going to www.google.com is translated as /.
>>>>> Any idea?
>>>>>
>>>>> Thanks,
>>>>> Luca
>>>>>
>>>>>
>>>>>
>>>>
>>>> That sounds like a faulty squid configuration. What does squids
>>>> logfile say?
>>>>
>>>> Jen
>>>> -
>>>> To unsubscribe from this list: send the line "unsubscribe
>>>> linux-admin" in
>>>> the body of a message to majordomo@vger.kernel.org
>>>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>>>
>>>
>>> -
>>> To unsubscribe from this list: send the line "unsubscribe
>>> linux-admin" in
>>> the body of a message to majordomo@vger.kernel.org
>>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>>
>>>
>>
>> -
>> To unsubscribe from this list: send the line "unsubscribe
>> linux-admin" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>
>>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2005-02-05 20:47 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-02-03 12:30 transparent proxy Luca Ferrari
2005-02-03 15:58 ` Jens Knoell
2005-02-05 18:22 ` Andreas Unterkircher
2005-02-05 19:42 ` Adrian C.
2005-02-05 20:22 ` Andreas Unterkircher
2005-02-05 20:47 ` Andreas Unterkircher
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).