| View previous topic :: View next topic |
| Author |
Message |
mattwood2000
Tux's lil' helper
Joined: 13 Apr 2005
Posts: 146
|
 Posted: Tue Jul 11, 2006 9:49 pm Post subject: Transparent Squid proxy and iptables problems |
 |
|
I'm trying to set up squid on my home server transparently. I've followed the guides on doing this but something isnt working right. Squid works fine until I try to PREROUT port 80 and 443. Im not sure what Im doing wrong. I tried flusing my iptables and starting from scratch but still nothing. Here's what I have going.
Squid.conf:
| Code: |
http_port 3128
cache_mem 50 MB
visible_hostname woody_server
cache_dir ufs /tmp/cache/squid 7300 16 256
offline_mode off
maximum_object_size 102400 KB
reload_into_ims off
pipeline_prefetch on
acl my_network src 192.168.0.0/255.255.255.0
acl all src 0.0.0.0/0.0.0.0
http_access allow my_network
http_access deny all
|
For iptables I have done this for initial testing:
| Code: |
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
If I set the proxy manually in firefox everything seems to work fine, but I really want it to be transparent. So leaving the proxy settings alone in firefox I issued the following according to the squid guide:
| Code: |
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.0.1:3128
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to 192.168.0.1:3128
|
Now when I open firefox I get this:
| Code: |
ERROR
The requested URL could not be retrieved
While trying to process the request:
GET / HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: PREF=ID=2c16345e116e588f:TM=1149462806:LM=1149462806:S=PLUSqAzvBI5mw8Ql
The following error was encountered:
* Invalid Request
Some aspect of the HTTP Request is invalid. Possible problems:
* Missing or unknown request method
* Missing URL
* Missing HTTP Identifier (HTTP/1.0)
* Request is too large
* Content-Length missing for POST or PUT requests
* Illegal character in hostname; underscores are not allowed
Your cache administrator is root.
|
Any ideas? Thanks. Matt |
|
| Back to top |
|
 |
daemonflower
Apprentice
Joined: 17 Jul 2004
Posts: 290
|
| Posted: Tue Jul 11, 2006 10:02 pm Post subject: |
|
|
My iptables rule looks like this: | Code: | | iptables -t nat -A PREROUTING -i ${INTERNAL_IFACE} -p tcp --dport 80 -j REDIRECT --to-port 3128 |
Small but maybe significant differences?
HTH |
|
| Back to top |
|
|
mattwood2000
Tux's lil' helper
Joined: 13 Apr 2005
Posts: 146
|
| Posted: Tue Jul 11, 2006 10:09 pm Post subject: |
|
|
| Nope, that didnt work either, still the same error. |
|
| Back to top |
|
|
mudrii
l33t
Joined: 26 Jun 2003
Posts: 789
Location: Singapore
|
| Posted: Mon Nov 27, 2006 12:51 am Post subject: |
|
|
I have the same error how did you fix it ?
_________________
www.gentoo.ro |
|
| Back to top |
|
|
|
Networking & Security
