mattwood2000 Tux's lil' helper

Joined: 13 Apr 2005 Posts: 146
|
Posted: Tue Jul 11, 2006 9:49 pm Post subject: Transparent Squid proxy and iptables problems |
|
|
I'm trying to set up squid on my home server transparently. I've followed the guides on doing this but something isn't working right. Squid works fine until I try to PREROUT port 80 and 443. I'm not sure what I'm doing wrong. I tried flushing my iptables and starting from scratch but still nothing. Here's what I have going.
Squid.conf:
Code: |
http_port 3128
cache_mem 50 MB
visible_hostname woody_server
cache_dir ufs /tmp/cache/squid 7300 16 256
offline_mode off
maximum_object_size 102400 KB
reload_into_ims off
pipeline_prefetch on
acl my_network src 192.168.0.0/255.255.255.0
acl all src 0.0.0.0/0.0.0.0
http_access allow my_network
http_access deny all
|
For iptables I have done this for initial testing:
Code: |
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
If I set the proxy manually in firefox everything seems to work fine, but I really want it to be transparent. So leaving the proxy settings alone in firefox I issued the following according to the squid guide:
Code: |
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.0.1:3128
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to 192.168.0.1:3128
|
Now when I open firefox I get this:
Code: |
ERROR
The requested URL could not be retrieved
While trying to process the request:
GET / HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: PREF=ID=2c16345e116e588f:TM=1149462806:LM=1149462806:S=PLUSqAzvBI5mw8Ql
The following error was encountered:
* Invalid Request
Some aspect of the HTTP Request is invalid. Possible problems:
* Missing or unknown request method
* Missing URL
* Missing HTTP Identifier (HTTP/1.0)
* Request is too large
* Content-Length missing for POST or PUT requests
* Illegal character in hostname; underscores are not allowed
Your cache administrator is root.
|
Any ideas? Thanks. Matt |
|
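The error page quoted above echoes the request line `GET / HTTP/1.1`, the origin-form a browser sends to a web server, whereas a port acting only as a forward proxy expects the absolute-form `GET http://host/ HTTP/1.1`. The following added example (not part of the original posts; function names and sample bytes are constructed here) classifies what arrives on the proxy port after each redirect and rebuilds the URL from the Host header, as an intercepting proxy has to:

```python
# Added example: why a forward-proxy port rejects traffic redirected by iptables.
# Sample requests below are constructed from the error page quoted in the post.

def classify(raw: bytes) -> str:
    """Return the kind of traffic a proxy port sees on a new connection."""
    # TLS record: content type 0x16 (handshake), version major 0x03.
    if len(raw) >= 2 and raw[0] == 0x16 and raw[1] == 0x03:
        return "tls"
    line = raw.split(b"\r\n", 1)[0].decode("latin-1")
    parts = line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return "invalid"
    method, target, _ = parts
    if method == "CONNECT":
        return "authority-form"
    if target.startswith("/"):
        return "origin-form"      # what browsers send to a web server
    if "://" in target:
        return "absolute-form"    # what browsers send to a configured proxy
    return "invalid"


def rebuild_url(raw: bytes, scheme: str = "http"):
    """Rebuild the absolute URL of an intercepted origin-form request
    from its Host header; return None if that is not possible."""
    if classify(raw) != "origin-form":
        return None
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    target = head[0].split(" ")[1]
    for field in head[1:]:
        name, _, value = field.partition(":")
        if name.strip().lower() == "host" and value.strip():
            return f"{scheme}://{value.strip()}{target}"
    return None   # HTTP/1.0 request without Host: destination is unknown


# Constructed samples.
INTERCEPTED = b"GET / HTTP/1.1\r\nHost: www.google.com\r\n\r\n"
VIA_PROXY = b"GET http://www.google.com/ HTTP/1.1\r\nHost: www.google.com\r\n\r\n"
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01])  # start of a ClientHello

if __name__ == "__main__":
    for name, raw in [("port 80 redirected", INTERCEPTED),
                      ("proxy set in browser", VIA_PROXY),
                      ("port 443 redirected", TLS_HELLO)]:
        print(f"{name:22} {classify(raw):14} {rebuild_url(raw)}")
```

In Squid 2.6 and later the listening port is put into this mode with the `transparent` option on `http_port` (named `intercept` from 3.1). Redirected port 443 traffic is TLS and cannot be parsed as HTTP on that port at all.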
daemonflower Apprentice


Joined: 17 Jul 2004 Posts: 290
|
Posted: Tue Jul 11, 2006 10:02 pm Post subject: |
|
|
My iptables rule looks like this:
Code: |
iptables -t nat -A PREROUTING -i ${INTERNAL_IFACE} -p tcp --dport 80 -j REDIRECT --to-port 3128
|
Small but maybe significant differences?
HTH |
|
mattwood2000 Tux's lil' helper

Joined: 13 Apr 2005 Posts: 146
|
Posted: Tue Jul 11, 2006 10:09 pm Post subject: |
|
|
Nope, that didn't work either, still the same error. |
|
mudrii l33t

Joined: 26 Jun 2003 Posts: 789 Location: Singapore
|
Posted: Mon Nov 27, 2006 12:51 am Post subject: |
|
|
I have the same error. How did you fix it?
_________________
www.gentoo.ro |
|