Hi Roberto,
On 23/07/2014 20:54, Roberto O. Fernández Crisial wrote:
Hi guys,
I hope you're doing fine. I'm trying to intercept HTTP requests on
Squid 3.4.6 but I'm going crazy. Is there any http_port parameter
change between 3.1.10 and 3.4.6?
I have 3.1.10 working fine, here are the examples:
IPTABLES CONFIGURATION (Global config)
-A PREROUTING -s 10.1.0.0/16 -p tcp -m tcp --dport 80 -j DNAT
--to-destination SQUIDIP:3129
With Squid 3.1.10
SQUID CONF
http_port 3128 transparent
http_port 3129 intercept
START SQUID 3.1.10
2014/07/23 16:06:38| Accepting intercepted HTTP connections at
0.0.0.0:3128, FD 12.
2014/07/23 16:06:38| Accepting intercepted HTTP connections at
0.0.0.0:3129, FD 13.
CURL
curl http://www.ciudad.com.ar -x http://SQUIDIP:80
STRACE
accept(13, {sa_family=AF_INET, sin_port=htons(34330),
sin_addr=inet_addr("10.1.100.158")}, [16]) = 9
getsockname(9, {sa_family=AF_INET, sin_port=htons(3129),
sin_addr=inet_addr("SQUIDIP")}, [16]) = 0
connect(15, {sa_family=AF_INET6, sin6_port=htons(80),
inet_pton(AF_INET6, "::ffff:200.42.143.77", &sin6_addr),
sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 EINPROGRESS (Operation now
in progress)
STOP SQUID 3.1.10
Now with Squid 3.4.6
SQUID CONF
http_port 3128
http_port 3129 intercept
START SQUID 3.4.6
2014/07/23 16:06:05| Accepting HTTP Socket connections at
local=[::]:3128 remote=[::] FD 19 flags=9
2014/07/23 16:06:05| Accepting NAT intercepted HTTP Socket connections
at local=[::]:3129 remote=[::] FD 20 flags=41
CURL
curl http://www.ciudad.com.ar -x http://SQUIDIP:80
STRACE
accept(20, {sa_family=AF_INET6, sin6_port=htons(34428),
inet_pton(AF_INET6, "::ffff:10.1.100.158", &sin6_addr),
sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 8
getsockname(8, {sa_family=AF_INET6, sin6_port=htons(3129),
inet_pton(AF_INET6, "::ffff:SQUIDIP", &sin6_addr), sin6_flowinfo=0,
sin6_scope_id=0}, [28]) = 0
connect(10, {sa_family=AF_INET, sin_port=htons(80),
sin_addr=inet_addr("SQUIDIP")}, 16) = -1 EINPROGRESS (Operation now in
progress)
STOP SQUID 3.4.6
I see in Squid 3.4.6 the squid process tries to connect to itself on
port 80. With Squid 3.1.10 it works fine (connects to remote server). Any
ideas?
Thank you all in advance.
Best,
In my case I'm running v. 3.3.8, but I'm having the same issue as you.
The packets are correctly DNATed from the client to the squid box, but
once there, squid3 seems to try to connect to itself several times and
keeps adding its 'visible_hostname' to the Via header, causing a
forwarding loop.
I've followed these instructions to achieve it:
http://wiki.squid-cache.org/ConfigExamples/Intercept/AtSource
Recently, the document got updated, adding a new iptables OUTPUT rule;
you could try it and see if it works for you (it didn't work for me, though).
Regards,
Nicolás