I'm once again attempting to get a transparent proxy running here. First, the problem: Forms that use the "GET" method (and conceivably the post method also, but I haven't checked) time out. eg, for google:
1045317375.516 1031 192.168.9.20 TCP_MISS/200 1746 GET http://www.google.com.au/ - DEFAULT_PARENT/129.78.64.5 text/html 1045317376.148 594 192.168.9.20 TCP_REFRESH_HIT/200 4671 GET http://www.google.com.au/images/hp0.gif - DEFAULT_PARENT/129.78.64.5 text/html 1045317376.382 800 192.168.9.20 TCP_REFRESH_HIT/200 3347 GET http://www.google.com.au/images/hp1.gif - DEFAULT_PARENT/129.78.64.5 text/html 1045317376.802 650 192.168.9.20 TCP_REFRESH_HIT/200 3096 GET http://www.google.com.au/images/hp2.gif - DEFAULT_PARENT/129.78.64.5 text/html 1045317377.052 666 192.168.9.20 TCP_REFRESH_HIT/200 1804 GET http://www.google.com.au/images/hp3.gif - DEFAULT_PARENT/129.78.64.5 text/html 1045317625.028 239153 192.168.9.20 TCP_MISS/504 1055 GET http://www.google.com.au/search? - NONE/- - (last line being the important one, sorry about that wrapping) Details: ISP block port 80 outgoing. ISP have proxy server, which does not respond to ICP queries (or at least, I can't find the port if it does). Have configured squid to use the ISP proxy like so: cache_peer ispproxy parent 8080 7 no-query default no-digest no-netdb-exchange I read somewhere that if you can't do ICP to set the ICP port to 7 (echo). Echo is blocked on the proxy server so I have an iptables rule to send all outgoing traffic for port 7 to the local xinetd, which does have echo enabled. I've set these options: httpd_accel_port 80 httpd_accel_host virtual httpd_accel_with_proxy on httpd_accel_uses_host_header on as per all the howtos I've found. I've also set the iptables rule to send outgoing traffic destined port 80 to squid. I found another poster to SLUG in the archives who had an almost identical problem. I didn't see a solution. Any ideas? Thanks, James. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
