When you type "hostname" on the command line of that server what shows up?

localhost.localdomain
I am using a virtual machine, and its network setting is in bridge mode. squid transparent mode works with this hostname.

1) how you are testing it... you MUST test it by being a client which is intercepted. Send your requests to port 80, *do not* send requests directly to the Squid listening port.

for testing, in the proxy settings of firefox, I set http_proxy to 10.1.110.83 and port 3129. when I set the port to 80, it browses pages without error but the log file does not change, it seems squid is not doing anything.

2. the packet routing and TPROXY rules .... ensure that only traffic *from* the clients or *from* the Internet is being intercepted. Packets leaving Squid in either direction MUST NOT be intercepted back into your Squid

I used these rules:

iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129

On Sun, Jun 30, 2013 at 6:58 AM, Amos Jeffries <[email protected]> wrote:
>
> On 30/06/2013 7:54 a.m., z fazli wrote:
>>
>> my squid version is 3.3.2 and made a mistake when described
>>
>> about this part
>>
>> "localhost.localdomain" is in no way a unique name for your proxy.
>>
>> what is the problem? how can I solve it ? I followed steps from squid
>> site and can not understand what is going wrong . can you help more?
>
>
> When you type "hostname" on the command line of that server what shows up?
> It should be a unique name for your server. In Linux it is configured in
> /etc/hostname, if you use a GUI to configure it may be somewhere else. That
> name needs to be registered in DNS and pointing at the machine's IP
> address(es), the IPs in turn need to be pointing at that hostname. Squid will
> check these records when starting.
>
> You can avoid the DNS setup by using visible_hostname directive in
> squid.conf.
> But note that on any Internet connected machine there are a lot
> of software which may require the hostname to be set up in order to work
> correctly.
>
>
> If the forwarding loop errors remain after you have made your squid hostname
> unique you will need to double-check:
> 1) how you are testing it... you MUST test it by being a client which is
> intercepted. Send your requests to port 80, *do not* send requests directly
> to the Squid listening port.
> 2) the packet routing and TPROXY rules .... ensure that only traffic *from*
> the clients or *from* the Internet is being intercepted. Packets leaving
> Squid in either direction MUST NOT be intercepted back into your Squid.
>
> Amos
>
>
>> On 6/28/13, Amos Jeffries wrote:
>>>
>>> On 29/06/2013 3:36 a.m., z fazli wrote:
>>>>
>>>> hi
>>>>
>>>> I have fedora 12 that upgraded its kernel to 2.6.37 , and iptables
>>>> 1.4.19 , I installed squid 3.2.2 in tproxy mode on it using steps from
>>>> this link
>>>>
>>>> http://wiki.squid-cache.org/Features/Tproxy4#Feature:_TPROXY_version_4.1.2B-_Support
>>>>
>>>> everything seems ok but when I run squid and insert url in browser get
>>>> this message
>>>>
>>>>
>>>> ERROR
>>>> The requested URL could not be retrieved
>>>>
>>>> The following error was encountered while trying to retrieve the URL:
>>>> http://google.com/
>>>>
>>>> Access Denied.
>>>>
>>>> Access control configuration prevents your request from being allowed
>>>> at this time. Please contact your service provider if you feel this is
>>>> incorrect.
>>>>
>>>> Your cache administrator is webmaster.
>>>>
>>>> Generated Tue, 25 Jun 2013 12:34:53 GMT by localhost.localdomain
>>>> (squid/3.3.2)
>>>
>>> You say you installed 3.2.2 but some Squid-3.3.2 is responding to you.
>>> Are you sure this is a message from your Squid?
>>>
>>>> and in terminal this message :
>>>>
>>>> 2013/06/26 14:55:35| WARNING: Forwarding loop detected for:
>>>> POST
>>>> /safebrowsing/downloads?client=navclient-auto-ffox&appver=3.5.4&pver=2.2&wrkey=AKEgNivruGNaM449DFDdRiYv81wyGtp5gMSMU4fMMS_g2YKGXmFhYZxbsymSyj14q22Xr7_cCx0nRwFKaCNyKKvMEev0WhcpRg==
>>>> HTTP/1.1
>>>> Host: safebrowsing.clients.google.com
>>>> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.4)
>>>> Gecko/20091027 Fedora/3.5.4-1.fc12 Firefox/3.5.4
>>>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>>>> Accept-Language: en-us,en;q=0.5
>>>> Accept-Encoding: gzip,deflate
>>>> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>>>> Content-Length: 110
>>>> Content-Type: text/plain
>>>> Cookie:
>>>> PREF=ID=1b085458083db40f:U=8d54b4985abb086f:FF=0:TM=1371881983:LM=1371882262:S=gjQlM4Sqrueu3KHq;
>>>> NID=67=YXYmGeg68fPjuU2-QOne46eStjqotGcE0AZTiWmbRXT2klqJYDLayVduleh1HnEFN-CyfZSTsgJABBKwm3dAP3Cvxi8_yZRnIE5zQSYScyHMc03Tz-37Mu8vur3WU4yH
>>>> Via: 1.1 localhost.localdomain (squid/3.3.2)
>>>> X-Forwarded-For: 10.1.110.83
>>>> Cache-Control: max-age=0
>>>> Connection: keep-alive
>>>
>>> <snip>
>>>>
>>>> also this in my squid access log
>>>>
>>>> 1372164328.471 0 10.1.110.83 TCP_MISS/403 4642 POST
>>>> http://safebrowsing.clients.google.com/safebrowsing/downloads? -
>>>> HIER_NONE/- text/html
>>>> 1372164328.471 3 10.1.110.83 TCP_MISS/403 4725 POST
>>>> http://safebrowsing.clients.google.com/safebrowsing/downloads? -
>>>> HIER_DIRECT/10.1.110.83 text/html
>>>
>>> <snip>
>>>>
>>>> what is the problem?
>>>
>>> The DNS records for "safebrowsing.clients.google.com" (aka DIRECT) tell
>>> Squid that safebrowsing.clients.google.com is located at 10.1.110.83 ...
>>>
>>> ... take a guess.
>>>
>>> Secondly. The whole purpose of having a hostname assigned to each
>>> machine is to allow automated systems like forwarding loop detection to
>>> determine the difference between any two hosts on the *entire* Internet.
>>> Combining the host name with the site domain name produces a FQDN which
>>> is unique. "localhost.localdomain" is in no way a unique name for your
>>> proxy.
>>>
>>> Amos
>>>
>
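
The two symptoms discussed in this thread can be checked mechanically. The script below is an added example, not part of the original messages and not Squid's own code: it parses native-format access.log lines and flags entries whose upstream peer is the client or the proxy itself (the HIER_DIRECT/10.1.110.83 entry), and it looks for the proxy's own hostname in a Via header, which is the comparison that forwarding loop detection relies on. The function names and the third log line are constructed for illustration.

```python
import re

# Squid native access.log layout:
# time elapsed client code/status bytes method URL user hierarchy/peer type
LOG_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>[A-Z_0-9]+)/(?P<peer>\S+)\s+(?P<mime>\S+)$"
)

# The first two entries are the ones quoted in the thread (unwrapped);
# the third is a constructed healthy entry for contrast.
SAMPLE_LOG = [
    "1372164328.471 0 10.1.110.83 TCP_MISS/403 4642 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - HIER_NONE/- text/html",
    "1372164328.471 3 10.1.110.83 TCP_MISS/403 4725 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - HIER_DIRECT/10.1.110.83 text/html",
    "1372164330.120 85 10.1.110.90 TCP_MISS/200 1532 GET http://example.com/ - HIER_DIRECT/192.0.2.10 text/html",
]
VIA_FROM_THREAD = "1.1 localhost.localdomain (squid/3.3.2)"

def parse_line(line):
    """Return the fields of one access.log line as a dict, or None."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def self_directed(lines, proxy_ips):
    """Entries whose upstream peer is the client itself or the proxy."""
    hits = []
    for line in lines:
        e = parse_line(line)
        if e is None or e["peer"] == "-":
            continue  # unparsable, or no upstream connection was made
        if e["peer"] == e["client"] or e["peer"] in proxy_ips:
            hits.append(e)
    return hits

def via_hosts(via_value):
    """Received-by names from a Via header (simplified: no commas in comments)."""
    hops = (hop.split() for hop in via_value.split(","))
    return [parts[1].lower() for parts in hops if len(parts) >= 2]

def looks_like_loop(via_value, my_hostname):
    """True when our own name is already in Via, so we saw this request before."""
    return my_hostname.lower() in via_hosts(via_value)

if __name__ == "__main__":
    for e in self_directed(SAMPLE_LOG, {"10.1.110.83"}):
        print("peer is the proxy itself:", e["method"], e["url"], e["peer"])
    print("loop per Via:", looks_like_loop(VIA_FROM_THREAD, "localhost.localdomain"))
```

Because the Via comparison is by name only, two different proxies that both call themselves localhost.localdomain would also match, which is why a unique hostname matters.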
