Re: [squid-users] Squid TPROXY issues with Google sites

From: Alex Rousskov > > You need to figure out why. Two common reasons are SSL-level errors and > http_access denials. Both should be reflected in access.log and > debugging cache.log. I finally found out it was an http_access

Re: [squid-users] Squid TPROXY issues with Google sites

On 05/28/2017 05:40 AM, Vieri wrote: > Please keep in mind that I'm basically an end-user, a sys-admin. I > wish I had the time to study Squid's source code. Nobody (certainly not me) has suggested anything that requires studying Squid source code. If you think that I have, you have

Re: [squid-users] Squid TPROXY issues with Google sites

Hi Alex et al., Thank you very much for your analysis and help. I really appreciate it. Please keep in mind that I'm basically an end-user, a sys-admin. I wish I had the time to study Squid's source code. All I can do for now is read the docs that so many people have kindly published. In 99%

Re: [squid-users] Squid TPROXY issues with Google sites

On 05/26/2017 05:22 PM, Vieri wrote: > If I have this: > > ssl_bump peek all > ssl_bump splice AllowTroublesome > ssl_bump bump all ... then you have a configuration that does not make sense because one cannot bump after peeking at step2. Your configuration is equivalent to * if the current

Re: [squid-users] Squid TPROXY issues with Google sites

On 27/05/17 03:44, Vieri wrote: Hi, I'd like to block access to Google Mail but allow it to Google Drive. I also need to intercept Google Drive traffic (https) and scan its content via c-icap modules for threats (with clamav and other tools which would block potentially harmful files). I've

Re: [squid-users] Squid TPROXY issues with Google sites

On 05/26/2017 09:44 AM, Vieri wrote: > I know that in TLS traffic there are only IP addresses This is a gross exaggeration. The reality is much more nuanced. > I added mail.google.com to a custom file named "denied.domains" and loaded as > denied_domains ACL in Squid. > [...] > acl

Re: [squid-users] Squid TPROXY issues with Google sites

Here is a list of google domains that may help you, http://www.squidblacklist.org/downloads/whitelists/google.domains On 5/26/2017 10:44 AM, Vieri wrote: Hi, I'd like to block access to Google Mail but allow it to Google Drive. I also need to intercept Google Drive traffic (https) and scan

[squid-users] Squid TPROXY issues with Google sites

Hi, I'd like to block access to Google Mail but allow it to Google Drive. I also need to intercept Google Drive traffic (https) and scan its content via c-icap modules for threats (with clamav and other tools which would block potentially harmful files). I've failed so far. I added

Re: [squid-users] Squid tproxy net unreachable

Thank you Amos. I have the following at squidguard: default { pass !porn !adv !drugs !custom any redirect http://localhost:10080/error.php } Which when squid in intercept mode the user is "redirected" to error page. I'm not sure if squidguard is rewriting or

Re: [squid-users] Squid tproxy net unreachable

On 14/05/17 01:59, Abi Askushi wrote: Hi, I have setup squid (v 3.1.20) with tproxy and relevant iptables and policy routes. It is functioning ok except one thing, squid is not able to redirect to deny page (located on same device) and it gives error "101 network unreachable". I have

[squid-users] Squid tproxy net unreachable

Hi, I have setup squid (v 3.1.20) with tproxy and relevant iptables and policy routes. It is functioning ok except one thing, squid is not able to redirect to deny page (located on same device) and it gives error "101 network unreachable". I have squidguard in the setup as a helper program and

Re: [squid-users] squid tproxy connection time out

also what about this topology? -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-tproxy-connection-time-out-tp4681027p4681044.html Sent from the Squid - Users mailing list

Re: [squid-users] squid tproxy connection time out

hello, i had created the topology diagram as i get from your idea, does it that you mentioned? but, according to that my bgp and wireless points are connected to mikrotik router, i can not move squid to the end point...in this network, now and in exists network, i routed the client to the mikrotik

Re: [squid-users] squid tproxy connection time out

Hello, I think your problem is topology . I suggest change the position of squid so the mikrotik router stands between clients and squid box . Also assign a private ip address to your squid and also one ip from same range to your mikrotik router . Then try to mangle and route to that private ip

[squid-users] squid tproxy connection time out

hello masters I have a problem on the squid in tproxy mode and it is that squid return Error "110 connection the timeout." for all Requests on port 3129, which is related to tproxy Of course, by eliminating the code ip route add local 0.0.0.0/0 dev lo table 100 Problem solved, but in this case,

Re: [squid-users] squid tproxy

On 29/08/2015 5:27 a.m., Vieri wrote: Hi, [reposting a trimmed-down message] My goal is to allow lan users to access a greater number of sites if they explicitly configure the squid proxy server in their browsers and authenticate. If they don't then traffic to port 80 and 443 will be

[squid-users] squid tproxy

Hi, [reposting a trimmed-down message] My goal is to allow lan users to access a greater number of sites if they explicitly configure the squid proxy server in their browsers and authenticate. If they don't then traffic to port 80 and 443 will be transparently redirected to a squid proxy

[squid-users] squid tproxy web filtering intergration with DNS ?!

HI ALL , i have an idea , i have squid with tproxy and with squidguard . all we know that webfiltering is not strong becuase it needed to be updated frequently , i also have dns server inside , and i began to think how to strenthen the web filtering i found that if i configured my dns with

Re: [squid-users] Squid TPROXY and TCP_MISS/000 entries

On 22/04/2013 9:46 p.m., Marcin Czupryniak wrote: Hello all!, checking my logs from time to time I see that there are some requests which return the TCP_MISS/000 log code, I'm managing a medium sized Active-Standby transparent caching proxy (direct routing) which is handling around 100

Re: [squid-users] Squid TPROXY and TCP_MISS/000 entries

Hello all!, checking my logs from time to time I see that there are some requests which return the TCP_MISS/000 log code, I'm managing a medium sized Active-Standby transparent caching proxy (direct routing) which is handling around 100 requests per second (average on daily basis), I know

Re: [squid-users] Squid TPROXY and TCP_MISS/000 entries

On 20/04/2013 5:34 p.m., Marcin Czupryniak wrote: Hello all!, checking my logs from time to time I see that there are some requests which return the TCP_MISS/000 log code, I'm managing a medium sized Active-Standby transparent caching proxy (direct routing) which is handling around 100

[squid-users] Squid TPROXY and TCP_MISS/000 entries

Hello all!, checking my logs from time to time I see that there are some requests which return the TCP_MISS/000 log code, I'm managing a medium sized Active-Standby transparent caching proxy (direct routing) which is handling around 100 requests per second (average on daily basis), I know

[squid-users] Squid Tproxy WCCPV2 Centos

Guys I've been trying to build a solution using Squid in Centos, but there is something missing. the WCCPV2 service is adquired by the router, but after a while it stop redirecting the request, so I guest there is something missing at the gre config, could you send me a good example how

[squid-users] Squid TPROXY and Bonding LACP

Hello to all, since today I've started to replace my bonding mode from balance-alb to 802.3ad (finally got 2 new stackable switches!) and SQUID stopped to work... I've just replaced the bonding option mode=balance-alb to mode=802.3ad and several related, restarted the machine and boom! Squid is

Re: [squid-users] Squid TPROXY and Bonding LACP

On 11/6/2012 9:50 PM, Marcin Czupryniak wrote: Hello to all, since today I've started to replace my bonding mode from balance-alb to 802.3ad (finally got 2 new stackable switches!) and SQUID stopped to work... I've just replaced the bonding option mode=balance-alb to mode=802.3ad and several

[squid-users] Squid Tproxy in Bridge Mode - Static Routes

Hello, I have a transparent proxy squid server work in bridge mode and tproxy with two interfaces : LAN and WAN. My clients are reachable by LAN interface by a group of gateways (Router 1, Router 2..Router(n)) CLIENTS (Network1)ROUTER1

Re: [squid-users] Squid Tproxy in Bridge Mode - Static Routes

On 9/13/2012 6:17 PM, Ulises Nicolini wrote: Is possible create this routes dynamically when for example intercept the incoming traffic with iptables to redirect this to squid? Use static routes is very dificult to support, being necessary add or remove networks form squid server when my

[squid-users] squid tproxy in ipv6 enviroment.

Hi All; I'm trying to run squid tproxy feature in native ipv6 enviroment. It's a bridge deployed between core router and next router. Next thing to do for me will be add ds-lite traffic in this native ipv6 network. Squid complied correctly, but when trying to add ebtables rules got an error:

Re: [squid-users] squid tproxy in ipv6 enviroment.

W dniu 26-Jun-12 12:08, Pawel Mojski pisze: v6priv linux # ebtables -t broute -A BROUTING -i eth0 -p ipv6 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP For IP filtering the protocol must be specified as IPv4. Ok, I've found my mistake. I should use --ip6-proto and

Re: [squid-users] squid tproxy in ipv6 enviroment.

W dniu 26-Jun-12 13:40, Pawel Mojski pisze: W dniu 26-Jun-12 12:08, Pawel Mojski pisze: v6priv linux # ebtables -t broute -A BROUTING -i eth0 -p ipv6 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP For IP filtering the protocol must be specified as IPv4. Ok, I've found

Re: [squid-users] squid tproxy in ipv6 enviroment.

On 27.06.2012 00:14, Pawel Mojski wrote: W dniu 26-Jun-12 13:40, Pawel Mojski pisze: W dniu 26-Jun-12 12:08, Pawel Mojski pisze: v6priv linux # ebtables -t broute -A BROUTING -i eth0 -p ipv6 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP For IP filtering the protocol must

[squid-users] squid + tproxy is not working properly when using url_rewriter and local apache script for youtube caching

Hello there, I'm using squid transparent proxy for caching and I have also youtube caching done with url_rewrite and apache script running on same machine as squid. It was all working fine, until I decided to go with TPROXY, as it has many benefits. When I implemented the tproxy rules in

Re: [squid-users] squid + tproxy is not working properly when using url_rewriter and local apache script for youtube caching

On 19.04.2012 03:27, x-man wrote: Hello there, I'm using squid transparent proxy for caching and I have also youtube caching done with url_rewrite and apache script running on same machine as squid. It was all working fine, until I decided to go with TPROXY, as it has many benefits. When I

Re: [squid-users] SQUID TPROXY not working when URL is hosted on the same machine running SQUID

Hi Amos, Thanks a lot for your help. Your suggestion of redirecting using cache-peering worked. I did cache-peering with the same squid instance (on a different port) and from then on sent to our captive portal. That way, didnt have to change any URL rewriting logic. Best Regards, Vignesh On

Re: [squid-users] SQUID TPROXY not working when URL is hosted on the same machine running SQUID

On 6/03/2012 6:50 a.m., Vignesh Ramamurthy wrote: Hello, We are using squid to transparently proxy the traffic to a captive portal that is residing on the same machine as the squid server. The solution was working based on a NAT REDIRECT . We are moving the solution to TPROXY based now as part

Re: [squid-users] SQUID TPROXY option does not work when URL is on the same machine as SQUID

you need to add a the first rule such as: ip6tables -t mangle -A PREROUTING -p tcp -d (IP of the machine) --dport 80 -j ACCEPT = here all the other iptables rules = Regards Eliezer On 05/03/2012 20:09, Vignesh Ramamurthy wrote: Hello, We are using squid to transparently proxy the traffic to

[squid-users] SQUID TPROXY not working when URL is hosted on the same machine running SQUID

Hello, We are using squid to transparently proxy the traffic to a captive portal that is residing on the same machine as the squid server. The solution was working based on a NAT REDIRECT . We are moving the solution to TPROXY based now as part of migration to IPv6. The TPROXY works fine in

[squid-users] SQUID TPROXY option does not work when URL is on the same machine as SQUID

Hello, We are using squid to transparently proxy the traffic to a captive portal that is residing on the same machine as the squid server. The solution was working based on a NAT REDIRECT . We are moving the solution to TPROXY based now as part of migration to IPv6. The TPROXY works fine in

[squid-users] squid tproxy is not spoofing the client IP

I am trying to setup squid with tproxy. But I see that the client IP is not getting spoofed. Other stuffs work fine, i.e. squid listens on a transparent socket, but while creating the outgoing connection squid doesn't spoof the client IP. Below is my config file # acl manager

Re: [squid-users] squid tproxy

Hi Amos, Thanks for your kind response.As per your reply ,i set rp_filter value 2 .But no luck. And then i tried for bridge mode in that i can see traffic in tproxy iptables rules, but i m not getting requests in squid access.log my os : fedora 15 64 bit kernel: 2.6.40.4-5.fc15.x86_64 squid

Re: [squid-users] squid tproxy

Hi Amos, One input from my side. Current network is ISP network and they having BGP routed public ip pool.So does it has any conflict with them.? Because traffic comes into tproxy iptables rules means marking dones is good but requests are not coming into squid access.log. Best Regards,

[squid-users] squid tproxy

Hi All, I am trying to deploy squid with existing network for cache gain and tproxy feature.I configured squid properly there is no error.I can see traffic in access.log and iptables tproxy rule but at end users end they are getting squid error page with request time out. What could be the

Re: [squid-users] squid tproxy

On Fri, 23 Sep 2011 16:49:24 +0530, benjamin fernandis wrote: Hi All, I am trying to deploy squid with existing network for cache gain and tproxy feature.I configured squid properly there is no error.I can see traffic in access.log and iptables tproxy rule but at end users end they are

[squid-users] squid tproxy problem

Hi, I configured squid for tproxy feature in my network with bridge mode. I follow http://wiki.squid-cache.org/Features/Tproxy4 But I m not getting requests in access.log of squid. My configuration: cat /etc/squid/squid.conf # # Recommended minimum configuration: # acl manager proto

RE: [squid-users] squid tproxy

: [squid-users] squid tproxy Hi, Can we have contact information of Mr. Ritter for new config of squid tproxy with centos 6. Regards, Benajo

Re: [squid-users] squid tproxy

Hi, Can we have contact information of Mr. Ritter for new config of squid tproxy with centos 6. Regards, Benajo

Re: [squid-users] squid tproxy

On 02/08/11 17:22, benjamin fernandis wrote: Hi, I want to configure squid tproxy as external device.So for that what changes do i need to follow in iptables rule and policy routing from OS side? Current Lab setup: WAN ROUTER

[squid-users] squid tproxy

Hi, I want to configure squid tproxy as external device.So for that what changes do i need to follow in iptables rule and policy routing from OS side? Current Lab setup: WAN ROUTER |

Re: [squid-users] Squid + Tproxy + Bridge mode + squidguard

Hi Amos! I'm writing to thank you for give me the solution. I reconfigure squidguard to redirect with the 302 code as you can see below and now the redirecting the blocked sites is working ok in my proxy setup! Thank you very very much!! Squidguard.conf used now: dbhome /var/lib/squidguard

[squid-users] Squid + Tproxy + Bridge mode + squidguard

Hi all I'm new to the list and I decided to write here because I'm with a big trouble! I have installed an squid in bridge mode with tproxy support. Everything is working ok, but I'm using in the same squid proxy squidguard as an redirector. The problem is when the client try to access an url

Re: [squid-users] Squid + Tproxy + Bridge mode + squidguard

On 01/07/11 05:57, Francisco André Barbosa Neto wrote: Hi all I'm new to the list and I decided to write here because I'm with a big trouble! I have installed an squid in bridge mode with tproxy support. Everything is working ok, but I'm using in the same squid proxy squidguard as an

Re: [squid-users] Squid + Tproxy + Bridge mode + squidguard

+1200 To: squid-users@squid-cache.org Subject: Re: [squid-users] Squid + Tproxy + Bridge mode + squidguard On 01/07/11 05:57, Francisco André Barbosa Neto wrote: Hi all I'm new to the list and I decided to write here because I'm with a big trouble! I have installed an squid in bridge mode

Re: [squid-users] Squid + Tproxy + Bridge mode + squidguard

On 01/07/11 15:05, Francisco André Barbosa Neto wrote: Hi Amos! I will verify if the squidguard are returning the 3xx status tomorrow for sure, but about the tcp port 90, I've tried to is on port 80 too but the problem persists. Is it the same behavior in this case? All depends on the

Re: [squid-users] Squid TProxy Problem

Dear Amos, Hi As the documentation suggests, I have used the following rules, but except the first one, others fail: ip rule add fwmark 1 lookup 100 ip -f inet route add local 0.0.0.0/0 dev lo table 100 ip -f inet route add local 0.0.0.0/0 dev eth0 table 10 Any ideas? Warm Regards, Ali

Re: [squid-users] Squid TProxy Problem

Amos, Sorry for the typo; here are the rules: ip rule add fwmark 1 lookup 100 ip -f inet route add local 0.0.0.0/0 dev lo table 100 ip -f inet route add local 0.0.0.0/0 dev eth0 table 100 Warm Regards, Ali Majdzadeh Kohbanani 2011/6/11 Ali Majdzadeh ali.majdza...@gmail.com: Dear Amos, Hi As

Re: [squid-users] Squid TProxy Problem

On 08/06/11 22:53, Ali Majdzadeh wrote: Amos, Hi Thanks for your reply. The Squid box has only one NIC and it is connected to the internet via it's default gateway, I think I should have corrected our network diagram as follows: Internet- Gateway- Squid- Clients Does this configuration make

Re: [squid-users] Squid TProxy Problem

Amos, Thanks for your reply. As you had depicted in the diagrams, I think you meant that the clients and the Squid box are both connected to the gateway through the switch, didn't you? If it is so, yes, they are connected, but the default gateway for the clients is set to the IP address of the

Re: [squid-users] Squid TProxy Problem

Amos, The configuration is as follows: Internet - Squid - Clients Would you please clarify what you mean by declaring routing packets to the squid box? Does the above configuration conform to the so-called declaration? If it is so, what should be done to solve the issue? Thanks again. By the way,

Re: [squid-users] Squid TProxy Problem

On 08/06/11 01:15, Ali Majdzadeh wrote: Amos, The configuration is as follows: Internet- Squid- Clients Would you please clarify what you mean by declaring routing packets to the squid box? That the packets actually do get passed/routed through the squid box and not via some other possible

Re: [squid-users] Squid TProxy Problem

Amos, Hi Thanks for your reply. Ragarding the documentation, I have inserted the following routing rules: ip rule add fwmark 1 lookup 100 ip route add local 0.0.0.0/0 dev lo table 100 Now, access.log is populated with proper logs, but clients can not surf the web, I mean the proxy server is unable

Re: [squid-users] Squid TProxy Problem

Amos, Hi The packet counter on -j TPROXY does not increment. So, why clients are able to surf the web? Warm Regards, Ali Majdzadeh Kohbanani 2011/6/6 Ali Majdzadeh ali.majdza...@gmail.com Amos, Hi Thanks for your reply. Ragarding the documentation, I have inserted the following routing

Re: [squid-users] Squid TProxy Problem

Amos, Sorry, the packet counter increments, I made a mistake, but still no logs either in access.log nor in cache.log. Warm Regards, Ali Majdzadeh Kohbanani 2011/6/6 Ali Majdzadeh ali.majdza...@gmail.com: Amos, Hi The packet counter on -j TPROXY does not increment. So, why clients are able

[squid-users] Squid TProxy Problem

Hello All, I have setup the following configuration: Squid (3.1.12) (--enable-linux-netfilter passed as the one and only configure option) Kernel (2.6.38.3) iptables (1.4.11) I have added the following two directives in squid.conf: http_port 3128 http_port 3129 tproxy Also, I have configured

Re: [squid-users] Squid TProxy Problem

On 06/06/11 06:32, Ali Majdzadeh wrote: Hello All, I have setup the following configuration: Squid (3.1.12) (--enable-linux-netfilter passed as the one and only configure option) Kernel (2.6.38.3) iptables (1.4.11) I have added the following two directives in squid.conf: http_port 3128

[squid-users] Squid, TPROXY and SquidGuard

Hi, all i've implemented squid with Tproxy and SquidGuard for transparent content filtering. squid conf: http_port 3129 tproxy redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf -d redirect_children 10

Re: [squid-users] Squid + Tproxy + Bridge on Kernel 2.6.34 - Workaround

Le mardi 25 mai 2010 23:21:39, senthilkumaar2021 a écrit : Hi, Squid + Tproxy + Bridge Setup on latest kernel - version 2.6.34 I had followed all the steps that had given in the http://wiki.squid-cache.org/Features/Tproxy4 Kernel - 2.6.34 iptable - 1.4.8 ebtable - 2.0.9-1 But

Re: [squid-users] Squid + Tproxy + Bridge on Kernel 2.6.34 - Workaround

On Tue, 15 Jun 2010 13:37:48 -0500, Luis Daniel Lucio Quiroz luis.daniel.lu...@gmail.com wrote: Le mardi 25 mai 2010 23:21:39, senthilkumaar2021 a écrit : Hi, Squid + Tproxy + Bridge Setup on latest kernel - version 2.6.34 I had followed all the steps that had given in the

Re: [squid-users] Squid + Tproxy + Bridge on Kernel 2.6.34 - Workaround

Hi The tproxy setup in bridge mode worked well as per in wiki squid till the kernel version 2.6.30.xx When we tested tproxy in bridge mode for kernels greater than 2.6.33.xx(2.6.34 also). The tproxy was not working.when the following workaround was used the tproxy was working fine. # ip

[squid-users] Squid + Tproxy + Bridge on Kernel 2.6.34 - Workaround

Hi, Squid + Tproxy + Bridge Setup on latest kernel - version 2.6.34 I had followed all the steps that had given in the http://wiki.squid-cache.org/Features/Tproxy4 Kernel - 2.6.34 iptable - 1.4.8 ebtable - 2.0.9-1 But clients were unable to browse and no errors in cache.log. Error - Network

Re: [squid-users] Squid-tproxy patch for squid 3.0

...@treenet.co.nz To: Vivek vivek...@aol.in Cc: squid-users@squid-cache.org Sent: Tue, 7 Apr 2009 12:17 pm Subject: Re: [squid-users] Squid-tproxy patch for squid 3.0 Vivek wrote: Hi All, I need squid tproxy patch for squid 3.0. I know squid 3.1 has the built

Re: [squid-users] Squid-tproxy patch for squid 3.0

Vivek wrote: Thanks Amos, We want Tproxy v4 support ( 2.6.28 kernel support) for squid 2.7. If we could get squid-3.0-tproxy patch from any achieves it would be very helpful for us to develop a patch for 2.7.. There no single patch just a large collection of incremental changes. The 2.7

Re: [squid-users] Squid-tproxy patch for squid 3.0

Cc: squid-users@squid-cache.org Sent: Tue, 7 Apr 2009 2:23 pm Subject: Re: [squid-users] Squid-tproxy patch for squid 3.0 Vivek wrote: Thanks Amos, We want Tproxy v4 support ( 2.6.28 kernel support) for squid 2.7. If we could get squid-3.0-tproxy patch from any achieves it would

[squid-users] Squid-tproxy patch for squid 3.0

Hi All, I need squid tproxy patch for squid 3.0. I know squid 3.1 has the built-in code for tproxy support. But i need the patch file. Where can i download the patch( Not kernel patch) squid-tproxy patch?. If anybody knows give the link. Regards Vivek

Re: [squid-users] Squid-tproxy patch for squid 3.0

Vivek wrote: Hi All, I need squid tproxy patch for squid 3.0. I know squid 3.1 has the built-in code for tproxy support. But i need the patch file. Where can i download the patch( Not kernel patch) squid-tproxy patch?. If anybody knows give the link. The patch I and others were

Re: [squid-users] squid TPROXY and empty access.log

On Wed, Mar 25, 2009 at 11:19 PM, Amos Jeffries squ...@treenet.co.nz wrote: Okay. It looks like the requests are not actually going through Squid. Thank you again for your reply. It seems strange. I know only that if I stop Squid process, the client behind Tproxy-Squid cannot reach any website.

Re: [squid-users] squid TPROXY and empty access.log

Jack Daniels wrote: On Wed, Mar 25, 2009 at 11:19 PM, Amos Jeffries squ...@treenet.co.nz wrote: Okay. It looks like the requests are not actually going through Squid. Thank you again for your reply. It seems strange. I know only that if I stop Squid process, the client behind Tproxy-Squid

Re: [squid-users] squid TPROXY and empty access.log

Jack Daniels wrote: Hello, I've a problem to log client request activities when Squid is in TPROXY mode. In squid.conf I have 'access_log /var/log/squid/access.log squid', this file is correctly created but results empty. # ls -la /var/log/squid/ -rw-r- 1 proxy proxy 0 24 mar 16:09

Re: [squid-users] squid TPROXY and empty access.log

On Wed, Mar 25, 2009 at 12:00 PM, Amos Jeffries squ...@treenet.co.nz wrote: Sounds like a bug, but there are a few things below you need to clear up before you can be sure its not them... Thank you for your fast reply. I tried your suggestion but it didn't work. Here some details: Obsolete

Re: [squid-users] squid TPROXY and empty access.log

On Wed, Mar 25, 2009 at 12:00 PM, Amos Jeffries squ...@treenet.co.nz wrote: Sounds like a bug, but there are a few things below you need to clear up before you can be sure its not them... Thank you for your fast reply. I tried your suggestion but it didn't work. Here some details:

[squid-users] squid TPROXY and empty access.log

Hello, I've a problem to log client request activities when Squid is in TPROXY mode. In squid.conf I have 'access_log /var/log/squid/access.log squid', this file is correctly created but results empty. # ls -la /var/log/squid/ -rw-r- 1 proxy proxy 0 24 mar 16:09 access.log -rw-r- 1

Re: [squid-users] Squid, tproxy, nat and multi-homed

From: Ming-Ching Tiew [EMAIL PROTECTED] But the fact is that as soon as I turn on squid directive, http_port 3128 tproxy transparent I will get private IP belonging to the original http web requestor appearing in the internet line - EVEN THOUGH - I do have a

Re: [squid-users] Squid, tproxy, nat and multi-homed

Would you mind filing a bugzilla report with all of this in it please? Thanks, Adrian On Tue, Oct 23, 2007, Ming-Ching Tiew wrote: From: Ming-Ching Tiew [EMAIL PROTECTED] But the fact is that as soon as I turn on squid directive, http_port 3128 tproxy transparent

[squid-users] Squid, tproxy, nat and multi-homed

I have a unique situation where I have a multi-homed machine running squid where I will need to do some kind of load balancing for outbound squid traffic. Well, if both the outgoing interface are nat-ed, things will be relatively easier, I will just do transparent proxy (without tproxy ). Since

Re: [squid-users] Squid, tproxy, nat and multi-homed

I have a unique situation where I have a multi-homed machine running squid where I will need to do some kind of load balancing for outbound squid traffic. Well, if both the outgoing interface are nat-ed, things will be relatively easier, I will just do transparent proxy (without tproxy ).

Re: [squid-users] Squid, tproxy, nat and multi-homed

From: Amos Jeffries [EMAIL PROTECTED] Thanks for the quick response :- Most common failure like this requires 'you need to patch the kernel', but it sounds like that's been done. Yupe this has been done. Next step is seeing what tcpdump shows about the two types of traffic. And

Re: [squid-users] Squid, tproxy, nat and multi-homed

From: Amos Jeffries [EMAIL PROTECTED] Thanks for the quick response :- Most common failure like this requires 'you need to patch the kernel', but it sounds like that's been done. Yupe this has been done. Next step is seeing what tcpdump shows about the two types of traffic. And

Re: [squid-users] Squid, tproxy, nat and multi-homed

From: Amos Jeffries [EMAIL PROTECTED] No not useless. The NAT should be symmetrically unmangling any mangled destination on incoming traffic. As far as NAT is concerned the client is the real requestor. You just need to be careful that the unmangling happens BEFORE the tproxy return