Gentoo Forums
Transparent Squid proxy and iptables problems
mattwood2000
Tux's lil' helper
Joined: 13 Apr 2005
Posts: 146

Posted: Tue Jul 11, 2006 9:49 pm    Post subject: Transparent Squid proxy and iptables problems

I'm trying to set up squid on my home server transparently. I've followed the guides on doing this but something isn't working right. Squid works fine until I try to PREROUT port 80 and 443. I'm not sure what I'm doing wrong. I tried flushing my iptables and starting from scratch but still nothing. Here's what I have going.

Squid.conf:
Code:

http_port 3128
cache_mem 50 MB
visible_hostname woody_server
cache_dir ufs /tmp/cache/squid 7300 16 256
offline_mode off
maximum_object_size 102400 KB
reload_into_ims off
pipeline_prefetch on
acl my_network src 192.168.0.0/255.255.255.0
acl all src 0.0.0.0/0.0.0.0
http_access allow my_network
http_access deny all


For iptables I have done this for initial testing:
Code:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


If I set the proxy manually in Firefox everything seems to work fine, but I really want it to be transparent. So leaving the proxy settings alone in Firefox I issued the following according to the squid guide:

Code:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.0.1:3128
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to 192.168.0.1:3128


Now when I open Firefox I get this:

Code:

ERROR
The requested URL could not be retrieved

While trying to process the request:

GET / HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: PREF=ID=2c16345e116e588f:TM=1149462806:LM=1149462806:S=PLUSqAzvBI5mw8Ql



The following error was encountered:

    * Invalid Request

Some aspect of the HTTP Request is invalid. Possible problems:

    * Missing or unknown request method
    * Missing URL
    * Missing HTTP Identifier (HTTP/1.0)
    * Request is too large
    * Content-Length missing for POST or PUT requests
    * Illegal character in hostname; underscores are not allowed

Your cache administrator is root.


Any ideas? Thanks. Matt
daemonflower
Apprentice
Joined: 17 Jul 2004
Posts: 290

Posted: Tue Jul 11, 2006 10:02 pm    Post subject:

My iptables rule looks like this:
Code:
iptables -t nat -A PREROUTING -i ${INTERNAL_IFACE} -p tcp --dport 80 -j REDIRECT --to-port 3128
Small but maybe significant differences?

HTH
mattwood2000
Tux's lil' helper
Joined: 13 Apr 2005
Posts: 146

Posted: Tue Jul 11, 2006 10:09 pm    Post subject:

Nope, that didn't work either, still the same error.
mudrii
l33t
Joined: 26 Jun 2003
Posts: 789
Location: Singapore

Posted: Mon Nov 27, 2006 12:51 am    Post subject:

I have the same error. How did you fix it?
_________________
www.gentoo.ro
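
Added example, not part of the original thread: the Squid error page quoted above shows an origin-form request (GET / plus a Host: header), which an ordinary forward-proxy http_port rejects, so this script cross-checks NAT redirect rules against the Squid listeners that accept intercepted traffic. It assumes Squid 2.6 or later, where such a listener carries the "transparent" flag (renamed "intercept" in 3.1); intercept_ports and audit are hypothetical helper names, and the inputs are constructed from the configuration posted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Squid 2.6 or later, where an
# intercepting listener is declared with "transparent" or "intercept".

# Constructed inputs mirroring the configuration posted in the thread.
SQUID_CONF='http_port 3128
acl my_network src 192.168.0.0/255.255.255.0
http_access allow my_network'
NAT_RULES='iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.0.1:3128
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to 192.168.0.1:3128'

# intercept_ports CONF_TEXT: print each http_port that accepts intercepted traffic.
intercept_ports() {
    printf '%s\n' "$1" | awk '$1 == "http_port" {
        flagged = 0
        for (i = 3; i <= NF; i++)
            if ($i == "transparent" || $i == "intercept") flagged = 1
        if (flagged) { n = split($2, a, ":"); print a[n] }
    }'
}

# audit CONF_TEXT RULES_TEXT: print one finding per mismatched NAT rule.
audit() {
    ports=$(intercept_ports "$1" | tr '\n' ' ')
    printf '%s\n' "$2" | awk -v ports="$ports" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        {
            dport = ""; target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "--to-port" || $i == "--to-ports") target = $(i + 1)
                if ($i == "--to" || $i == "--to-destination") {
                    m = split($(i + 1), a, ":"); target = a[m]
                }
            }
            if (dport == "" || target == "") next
            if (!(target in ok))
                print "dport " dport ": http_port " target " is not an intercepting listener"
            if (dport == "443")
                print "dport 443: TLS bytes sent to a plain http_port cannot be parsed as HTTP"
        }'
}

# Stand-alone run: report findings for the constructed inputs above.
audit "$SQUID_CONF" "$NAT_RULES"
```

With "http_port 3128 transparent" in the Squid configuration and only the port 80 rule in place, audit prints nothing.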