Ok, I'll try to explain the scenario again and more detailed (I remark
that I'm using this guide which states that it should work for public IP
addresses: http://wiki.squid-cache.org/ConfigExamples/Intercept/AtSource):
Client side: Has public IP address A.B.C.D
Server side: Has public IP address E.F.G.H
On the client side, I added the following iptables rule:
iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT
--to-destination E.F.G.H:3128
On the server side, I just opened up the port 3128, this is the only one
rule:
iptables -I INPUT -s eth0 --dport 3128 -j ACCEPT
On the server side, there's a squid3 running with the default package
configuration, just two lines changing (though the 3127 port has nothing
to do with this example):
http_port 3128 intercept
http_port 0.0.0.0:3127
So, when I do a HTTP connection attempt on the client side, it is indeed
successfully redirected to E.F.G.H but the loop occours with these two
events in the log:
cache.log:
2014/07/17 21:05:02| WARNING: Forwarding loop detected for:
GET / HTTP/1.1
Host: google.es
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101
Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie:
PREF=ID=119a6e25e6eccb3b:U=95e37afd611b606e:FF=0:TM=1404500940:LM=1404513627:S=r7E-Xed2muOOp-ay;
NID=67=M5geOtyDtp5evLidOfam1uzfhl6likehxjXo7KcamK8c5jXptfx9zJc-5L7jhvYvnfTvtXYJ3yza7cE8fRq2x0iyVEHN9Pn2hz9urrC_Qt_xNH6IQCoT-3-eXTwb2h4f;
OGPC=5-25:
Pragma: no-cache
Via: 1.1 homeSecureProxy (squid/3.3.8)
X-Forwarded-For: A.B.C.D
Cache-Control: no-cache
Connection: keep-alive
access.log:
1405623902.957 0 A.B.C.D TCP_MISS/403 4300 GET
http://google.es/ - HIER_NONE/- text/html
1405623902.958 1 A.B.C.D TCP_MISS/403 4419 GET
http://google.es/ - HIER_DIRECT/E.F.G.H text/html
I also tried using a VPN connection between both the client and the
server, the result is exactly the same (just the public IPs change by
the VPN's private, obviously).
I hope I explained it better now, hope someone can help because this is
really driving me nuts :-(
Thanks.
El 17/07/2014 14:45, Eliezer Croitoru escribió:
On 07/17/2014 08:47 AM, Nicolás wrote:
Hi Eliezer,
This would be the output of your script. This is not CentOS so some
things have failed... and I just obscurated the public IP related data.
I tried adding the rule you proposed (as you may see in the output), but
unfortunately it made no difference, I'm still having the redirect loop.
I am yet not able to understand how do you use the proxy and how do
you connect to it.
The only way you can connect to your server is but I assume it will be
a tunnel\vpn connection.
How do you want to use your proxy?
It will be much simpler to understand the circumstances to the loop
rather then the loop itself (for me).
I think that we are missing something important in everything.
Can you just run "curl -I http://www.google.com"; from command line?
(and couple other addresses you are having issues with).
Eliezer
