transparent proxy

transparent proxy

[Luca Ferrari]

Hi,
I'm trying to use a machine as a transparent firewall/proxy, using iptables as 
described in the transparent proxy mini howto:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 
8080

where eth0 is my internal interface (eth1 is connected directly to the 
router). Now, when I try to browse the web, i always get the squid error page 
saying that the url "/" cannot be retrieved. For example, going to 
www.google.com is translated as /.
Any idea?

Thanks,
Luca
-- 
Luca Ferrari,
fluca1978@infinito.it

Re: transparent proxy

[Jens Knoell]

Luca Ferrari wrote:

>Hi,
>I'm trying to use a machine as a transparent firewall/proxy, using iptables as 
>described in the transparent proxy mini howto:
>iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 
>8080
>
>where eth0 is my internal interface (eth1 is connected directly to the 
>router). Now, when I try to browse the web, i always get the squid error page 
>saying that the url "/" cannot be retrieved. For example, going to 
>www.google.com is translated as /.
>Any idea?
>
>Thanks,
>Luca
>  
>
That sounds like a faulty squid configuration. What does squids logfile say?

Jen

Re: transparent proxy

[Andreas Unterkircher]

Don't know if you still have this problem. But maybe you are missing 
some lines in your squid configuration.
You must tell squid, that it should act als httpd accellerator...

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
         
Jens Knoell wrote:

> Luca Ferrari wrote:
>
>> Hi,
>> I'm trying to use a machine as a transparent firewall/proxy, using 
>> iptables as described in the transparent proxy mini howto:
>> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT 
>> --to-port 8080
>>
>> where eth0 is my internal interface (eth1 is connected directly to 
>> the router). Now, when I try to browse the web, i always get the 
>> squid error page saying that the url "/" cannot be retrieved. For 
>> example, going to www.google.com is translated as /.
>> Any idea?
>>
>> Thanks,
>> Luca
>>  
>>
> That sounds like a faulty squid configuration. What does squids 
> logfile say?
>
> Jen
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: transparent proxy

[Adrian C.]

Don't know why but all of my squid accel ateempts turned out pretty
unstable (as in crash for no apparent reason). I have tried both squid
2.5 and 3.0. Maybe you guys had more luck than me. Is there something
i miss? Without the httpd_accel it works fine.

--Adrian.


On Sat, 05 Feb 2005 19:22:22 +0100, Andreas Unterkircher
<unki@netshadow.at> wrote:
> Don't know if you still have this problem. But maybe you are missing
> some lines in your squid configuration.
> You must tell squid, that it should act als httpd accellerator...
> 
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
> 
> Jens Knoell wrote:
> 
> > Luca Ferrari wrote:
> >
> >> Hi,
> >> I'm trying to use a machine as a transparent firewall/proxy, using
> >> iptables as described in the transparent proxy mini howto:
> >> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
> >> --to-port 8080
> >>
> >> where eth0 is my internal interface (eth1 is connected directly to
> >> the router). Now, when I try to browse the web, i always get the
> >> squid error page saying that the url "/" cannot be retrieved. For
> >> example, going to www.google.com is translated as /.
> >> Any idea?
> >>
> >> Thanks,
> >> Luca
> >>
> >>
> > That sounds like a faulty squid configuration. What does squids
> > logfile say?
> >
> > Jen
> > -
> > To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

Re: transparent proxy

[Andreas Unterkircher]

i'm currently using squid 2.5.7 from debian sid with ldap authentication 
and redirectors (squidGuard and antivirus
scanning) - have no problem with this - also in transparent-proxy mode.

as far as i know you must (?) use these options in the squid.conf, 
because squid has to passthru the http-headers
of the client - has something todo with http/1.1 I  guess. more infos 
you can find here:

http://squid-docs.sourceforge.net/latest/book-full.html#AEN2457

Andreas

Adrian C. wrote:

>Don't know why but all of my squid accel ateempts turned out pretty
>unstable (as in crash for no apparent reason). I have tried both squid
>2.5 and 3.0. Maybe you guys had more luck than me. Is there something
>i miss? Without the httpd_accel it works fine.
>
>--Adrian.
>
>
>On Sat, 05 Feb 2005 19:22:22 +0100, Andreas Unterkircher
><unki@netshadow.at> wrote:
>  
>
>>Don't know if you still have this problem. But maybe you are missing
>>some lines in your squid configuration.
>>You must tell squid, that it should act als httpd accellerator...
>>
>>httpd_accel_host virtual
>>httpd_accel_port 80
>>httpd_accel_with_proxy on
>>httpd_accel_uses_host_header on
>>
>>Jens Knoell wrote:
>>
>>    
>>
>>>Luca Ferrari wrote:
>>>
>>>      
>>>
>>>>Hi,
>>>>I'm trying to use a machine as a transparent firewall/proxy, using
>>>>iptables as described in the transparent proxy mini howto:
>>>>iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
>>>>--to-port 8080
>>>>
>>>>where eth0 is my internal interface (eth1 is connected directly to
>>>>the router). Now, when I try to browse the web, i always get the
>>>>squid error page saying that the url "/" cannot be retrieved. For
>>>>example, going to www.google.com is translated as /.
>>>>Any idea?
>>>>
>>>>Thanks,
>>>>Luca
>>>>
>>>>
>>>>        
>>>>
>>>That sounds like a faulty squid configuration. What does squids
>>>logfile say?
>>>
>>>Jen
>>>-
>>>To unsubscribe from this list: send the line "unsubscribe linux-admin" in
>>>the body of a message to majordomo@vger.kernel.org
>>>More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>>      
>>>
>>-
>>To unsubscribe from this list: send the line "unsubscribe linux-admin" in
>>the body of a message to majordomo@vger.kernel.org
>>More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>
>>    
>>
>-
>To unsubscribe from this list: send the line "unsubscribe linux-admin" in
>the body of a message to majordomo@vger.kernel.org
>More majordomo info at  http://vger.kernel.org/majordomo-info.html
>  
>

Re: transparent proxy

[Andreas Unterkircher]

before someone asks - authentication naturally not working (and can't be 
used) within transparent-proxy mode :)

Andreas Unterkircher wrote:

> i'm currently using squid 2.5.7 from debian sid with ldap 
> authentication and redirectors (squidGuard and antivirus
> scanning) - have no problem with this - also in transparent-proxy mode.
>
> as far as i know you must (?) use these options in the squid.conf, 
> because squid has to passthru the http-headers
> of the client - has something todo with http/1.1 I  guess. more infos 
> you can find here:
>
> http://squid-docs.sourceforge.net/latest/book-full.html#AEN2457
>
> Andreas
>
> Adrian C. wrote:
>
>> Don't know why but all of my squid accel ateempts turned out pretty
>> unstable (as in crash for no apparent reason). I have tried both squid
>> 2.5 and 3.0. Maybe you guys had more luck than me. Is there something
>> i miss? Without the httpd_accel it works fine.
>>
>> --Adrian.
>>
>>
>> On Sat, 05 Feb 2005 19:22:22 +0100, Andreas Unterkircher
>> <unki@netshadow.at> wrote:
>>  
>>
>>> Don't know if you still have this problem. But maybe you are missing
>>> some lines in your squid configuration.
>>> You must tell squid, that it should act als httpd accellerator...
>>>
>>> httpd_accel_host virtual
>>> httpd_accel_port 80
>>> httpd_accel_with_proxy on
>>> httpd_accel_uses_host_header on
>>>
>>> Jens Knoell wrote:
>>>
>>>   
>>>
>>>> Luca Ferrari wrote:
>>>>
>>>>     
>>>>
>>>>> Hi,
>>>>> I'm trying to use a machine as a transparent firewall/proxy, using
>>>>> iptables as described in the transparent proxy mini howto:
>>>>> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
>>>>> --to-port 8080
>>>>>
>>>>> where eth0 is my internal interface (eth1 is connected directly to
>>>>> the router). Now, when I try to browse the web, i always get the
>>>>> squid error page saying that the url "/" cannot be retrieved. For
>>>>> example, going to www.google.com is translated as /.
>>>>> Any idea?
>>>>>
>>>>> Thanks,
>>>>> Luca
>>>>>
>>>>>
>>>>>       
>>>>
>>>> That sounds like a faulty squid configuration. What does squids
>>>> logfile say?
>>>>
>>>> Jen
>>>> -
>>>> To unsubscribe from this list: send the line "unsubscribe 
>>>> linux-admin" in
>>>> the body of a message to majordomo@vger.kernel.org
>>>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>>>     
>>>
>>> -
>>> To unsubscribe from this list: send the line "unsubscribe 
>>> linux-admin" in
>>> the body of a message to majordomo@vger.kernel.org
>>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>>
>>>   
>>
>> -
>> To unsubscribe from this list: send the line "unsubscribe 
>> linux-admin" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>  
>>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html