On 23 January 2015 at 16:29, Amos Jeffries <squ...@treenet.co.nz> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 24/01/2015 2:13 a.m., Odhiambo Washington wrote: > > On 23 January 2015 at 15:47, Yuri Voinov <yvoi...@gmail.com> > > wrote: > > > >> > >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > >> > >> Once more. You CANNOT have neither web-server nor other service > >> with listening port 80 on the same host as transparent Squid > >> proxy. This is one and only reason you have looping. > >> > >> Look. On my transparent 3.4.11 (which was early 2.7) IPFilter > >> redirects 80 port to proxy. My web server on the same host > >> listens only 8080, 8088 and 8888 ports. No one service except NAT > >> is using 80 port. > >> > >> And finally I have no looping 4 years. > >> > >> Obvious, is it? > >> > >> > > Not so obvious. > > > > I have a several servers with Apache listening on 80,443 which > > don't have this problem! I can give you access to one of them to > > see for yourself if you need to believe. > > > > Anyway, this still doesn't help me. After changing my apache to > > port 8080 and firing up squid-3.5.1, I get access denied for all > > requests: http://pastebin.com/1fMSE1U9 > > > > > Aha, here is the heart of problem: > > 2015/01/23 15:59:34.455| client_side.cc(2320) parseHttpRequest: HTTP > Client local=127.0.0.1:13128 remote=192.168.2.165:54234 FD 14 flags=33 > > > The local= value shows what the machine NAT system told Squid the > original destination IP of the client connection was. > > Resulting in the to_localhost ACL denying the client access through > the proxy. > > So the simple solution would be to change what in my squid.conf - http://pastebin.com/L16cDmRp -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 "I can't hear you -- I'm using the scrambler."
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users