Hi all, I was playing with a piece of code tonight that wanted to make http requests and wouldn't use a proxy, and since port 80 outgoing from where I am is blocked, I thought I'd set up transparent proxying finally. I thought this would be easy :)
I'll mention the prob first, in case it's an obvious one. In cache.log I'm seeing:

    2002/10/02 02:01:12| WARNING: Forwarding loop detected for:
    GET /search?hl=en&ie=UTF-8&oe=UTF-8&q=stuff&btnG=Google+Search HTTP/1.0
    User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020826
    [...]

In access.log I get:

    1033488072.242 41 192.168.9.50 TCP_MISS/403 1045 GET http://www.google.com/search? - NONE/- -
    1033488072.276 1467 192.168.9.50 TCP_MISS/403 1115 GET http://www.google.com/search? - DIRECT/216.239.51.101 text/html

and in Mozilla I see:

    ERROR
    The requested URL could not be retrieved

    While trying to retrieve the URL: http://www.google.com/search?

    The following error was encountered:

      * Access Denied.

    Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

The setup is as follows. The firewall is on 192.168.9.50. It's running kernel 2.2, since as discussed previously here, 2.4 halves the speed of my connection. My proxy server is another computer - 192.168.9.10, and I'm on 192.168.9.1.

I've set the following options in squid.conf:

    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on

And the following acls:

    http_access allow all
    http_access localhost
    http_access intranet
    icp_access allow all
    miss_access allow all

Now, since I don't have all the neat forwarding stuff in 2.4, I have an ssh tunnel running on my firewall that accepts all connections (with -g) on port 8080/tcp and sends them through the tunnel to the proxy server (I intend to replace this with something else later).
The rules I'm using on my firewall to do the forwarding are:

    $IPCHAINS -A input -p TCP -d 127.0.0.1/32 80 -j ACCEPT
    $IPCHAINS -A input -p TCP -d 192.168.9.10/32 80 -j ACCEPT
    $IPCHAINS -A input -p TCP -d 192.168.9.50/32 80 -j ACCEPT
    $IPCHAINS -A input -p TCP -d any/0 80 -j REDIRECT 8080

Finally, I'm attempting to get this thing to forward connections on to usyd's proxy server with:

    cache_peer 129.78.64.5 parent 8080 7 no-query no-netdb-exchange

(and since I'm not allowed to do ICP with them, there's another rule on the firewall to bounce ICP to its local echo port)

What am I doing wrong?

Thanks,
James.

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
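
An added example, not part of the original post: a small Python check that reads the two access.log lines quoted above and pairs a request that was never forwarded (hierarchy NONE/-) with a forwarded request for the same URL whose lifetime encloses it, which is how a forwarding loop shows up in the log. It assumes Squid's native ten-field log format and that the timestamp is written when the request completes; the names `parse` and `find_loops` are hypothetical.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "start end client code status url peer")

# The two access.log lines quoted in the post above.
SAMPLE = """\
1033488072.242 41 192.168.9.50 TCP_MISS/403 1045 GET http://www.google.com/search? - NONE/- -
1033488072.276 1467 192.168.9.50 TCP_MISS/403 1115 GET http://www.google.com/search? - DIRECT/216.239.51.101 text/html
"""

def parse(line):
    """Split one native-format access.log line into an Entry, or return None."""
    f = line.split()
    if len(f) != 10:
        return None
    end, elapsed_ms = float(f[0]), int(f[1])
    code, status = f[3].split("/")
    # Assumption: the timestamp is logged at completion, so start = end - elapsed.
    return Entry(end - elapsed_ms / 1000.0, end, f[2], code, int(status), f[6], f[8])

def find_loops(text):
    """Return (outer, inner) pairs where inner ran entirely inside outer for the same URL."""
    entries = [e for e in map(parse, text.splitlines()) if e]
    pairs = []
    for inner in entries:
        if not inner.peer.startswith("NONE/"):
            continue  # only requests that were answered without being forwarded
        for outer in entries:
            if (outer is not inner
                    and outer.url == inner.url
                    and not outer.peer.startswith("NONE/")
                    and outer.start <= inner.start
                    and inner.end <= outer.end):
                pairs.append((outer, inner))
    return pairs

if __name__ == "__main__":
    for outer, inner in find_loops(SAMPLE):
        print("possible loop: %s forwarded via %s; nested request from %s got %d"
              % (outer.url, outer.peer, inner.client, inner.status))
```

On the quoted lines, the 41 ms NONE/- entry falls wholly inside the 1467 ms DIRECT entry, matching the "Forwarding loop detected" warning in cache.log.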
