In Squid 2.5, transparent proxying is done with a hack involving
httpd options, which are not explained well in the config file.
These options are not done by default, even in the -transparent
version, which means that reverting to an unmodified
configuration file leaves it in place.
In squid 3.0 transparency is handled differently.
The second problem has gone away, but two events occurred almost
simultaneously. The first was that I got squid3 running. The
second is that our service provider replaced the Cat 5 to Fiber
translator card, claiming that it was dropping some 10-15% of
packets going through it. I'm not clear why dropped packets
would affect files from particular hosts, but until I can
reestablish the problem I consider this one closed.
Sherwood Botsford wrote:
I'm stumped.
I was in the process of upgrading squid to 3.0 stable to see if this
would deal with a bunch of other issues. I've managed to make squid
non-operational.
Normally this would be material for the squid list. And I've had it
posted there for several days, with no useful results.
So I went to the default troubleshooting system to make the most minimal
system that exhibits the problem. Further down you will find a list of
lines that were added to the default squid.conf file to make the problem
appear.
Now, the problem:
In accessing any web page, say
http://some.domain.com/path/to/file.html
squid replies with a bad URL message saying that it can't
retrieve /path/to/file.html. The http:// prefix and the domain name are
stripped out.
I've gone over my pf.conf file also, and have tried loading a prior
version of pf.conf labeled that it was a working copy from before. No
joy. The pf.conf redirection is included below.
This started because certain files wouldn't
download. They would start, but would stall either immediately or
30K into the file. Same type of file would have no problems from
other sources. If I went to a computer outside our firewall,
there was no problem. I figured that before I asked the list for
help, I should have the courtesy of using the current release.
(3.0 Stable 1)
In mangling my file for the new version, I over mangled
it. (It complained about unknown options.)
Rolling back to the old version didn't help.
I've also destroyed and recreated the cache directories thinking
that it might be some subtle form of cache corruption.
I've uninstalled and reinstalled squid-2.5. (I know. That's a winsnooze
type thing to do. Grasping at straws.)
I'm a bit at a loss on where else to look.
******
Environment: OpenBSD 3.9 with pf redirecting web requests to
squid.
Message posted to the squid list earlier.
kerberos# squid -v
Squid Cache: Version 2.5.STABLE12
configure options: --datadir=/usr/local/share/squid
'--enable-auth=basic digest' '--enable-basic-auth-helpers=NCSA
YP' --enable-digest-auth-helpers=password
'--enable-external-acl-helpers=ip_user unix_group'
'--enable-removal-policies=lru heap' --enable-ssl
'--enable-storeio=ufs diskd' --localstatedir=/var/squid
--enable-pf-transparent --prefix=/usr/local --sysconfdir=/etc
Starting from scratch with a copy of the default squid.conf file,
I can reproduce the problem with the following changes to the
default squid.conf file:
http_port 127.0.0.1:3128
cache_mem 64 MB
cache_dir ufs /opt/squidcache 100 10 60
acl our_networks src 192.168.1.0/24
http_access allow our_networks
Relevant section of pf.conf. Pixel should be 'any' but
this version limits the problem to a single host. All other
hosts are non-proxied. $lan is the internal interface.
# squid redirection
rdr on $lan inet proto tcp from pixel to any \
port www -> 127.0.0.1 port 3128
pass in quick on $lan inet proto tcp from any to 127.0.0.1 \
port 3128 keep state #label "web"
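
Added example, not part of the original messages and not Squid code: a small Python model of why a proxy that receives rdr-redirected traffic without its interception options reports only /path/to/file.html as the URL. A redirected browser sends the path on the request line and the host name in a Host header, so the proxy has to rebuild the URL itself. The function names, the BadURL exception and the sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit


class BadURL(ValueError):
    """Raised when no absolute URL can be derived from the request."""


def parse_request(raw: bytes):
    """Split an HTTP/1.x request head into (method, target, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def effective_url(raw: bytes, intercepted: bool) -> str:
    """Return the URL the proxy should fetch, or raise BadURL."""
    _method, target, headers = parse_request(raw)
    if urlsplit(target).scheme in ("http", "https"):
        # Absolute form: the client was configured to use a proxy.
        return target
    if not target.startswith("/") or not intercepted:
        # Plain forward-proxy mode: a bare path is not a usable URL.
        # This is the "can't retrieve /path/to/file.html" symptom.
        raise BadURL(target)
    host = headers.get("host")
    if not host:
        raise BadURL(target)
    # Interception mode: rebuild the URL from the Host header. The header
    # is client-supplied, so ACLs should not rely on it alone.
    return "http://" + host + target


# Constructed sample requests.
REDIRECTED = b"GET /path/to/file.html HTTP/1.1\r\nHost: some.domain.com\r\n\r\n"
CONFIGURED = (b"GET http://some.domain.com/path/to/file.html HTTP/1.1\r\n"
              b"Host: some.domain.com\r\n\r\n")

if __name__ == "__main__":
    print(effective_url(CONFIGURED, intercepted=False))
    print(effective_url(REDIRECTED, intercepted=True))
    try:
        effective_url(REDIRECTED, intercepted=False)
    except BadURL as exc:
        print("bad URL:", exc)
```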