transparent proxy

Hi,
I'm trying to use a machine as a transparent firewall/proxy, using iptables as
described in the transparent proxy mini howto:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port
8080

where eth0 is my internal interface (eth1 is connected directly to the
router). Now, when I try to browse the web, i always get the squid error page
saying that the url "/" cannot be retrieved. For example, going to
www.google.com is translated as /.
Any idea?

Thanks,
Luca
--
Luca Ferrari,
fluca1978@infinito.it


-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: transparent proxy

Luca Ferrari wrote:

>Hi,
>I'm trying to use a machine as a transparent firewall/proxy, using iptables as
>described in the transparent proxy mini howto:
>iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port
>8080
>
>where eth0 is my internal interface (eth1 is connected directly to the
>router). Now, when I try to browse the web, i always get the squid error page
>saying that the url "/" cannot be retrieved. For example, going to
>www.google.com is translated as /.
>Any idea?
>
>Thanks,
>Luca
>
>
That sounds like a faulty squid configuration. What does squids logfile say?

Jen
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: transparent proxy

Don't know if you still have this problem. But maybe you are missing
some lines in your squid configuration.
You must tell squid, that it should act als httpd accellerator...

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Jens Knoell wrote:

> Luca Ferrari wrote:
>
>> Hi,
>> I'm trying to use a machine as a transparent firewall/proxy, using
>> iptables as described in the transparent proxy mini howto:
>> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
>> --to-port 8080
>>
>> where eth0 is my internal interface (eth1 is connected directly to
>> the router). Now, when I try to browse the web, i always get the
>> squid error page saying that the url "/" cannot be retrieved. For
>> example, going to www.google.com is translated as /.
>> Any idea?
>>
>> Thanks,
>> Luca
>>
>>
> That sounds like a faulty squid configuration. What does squids
> logfile say?
>
> Jen
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html

-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: transparent proxy

Don't know why but all of my squid accel ateempts turned out pretty
unstable (as in crash for no apparent reason). I have tried both squid
2.5 and 3.0. Maybe you guys had more luck than me. Is there something
i miss? Without the httpd_accel it works fine.

--Adrian.


On Sat, 05 Feb 2005 19:22:22 +0100, Andreas Unterkircher
wrote:
> Don't know if you still have this problem. But maybe you are missing
> some lines in your squid configuration.
> You must tell squid, that it should act als httpd accellerator...
>
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
>
> Jens Knoell wrote:
>
> > Luca Ferrari wrote:
> >
> >> Hi,
> >> I'm trying to use a machine as a transparent firewall/proxy, using
> >> iptables as described in the transparent proxy mini howto:
> >> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
> >> --to-port 8080
> >>
> >> where eth0 is my internal interface (eth1 is connected directly to
> >> the router). Now, when I try to browse the web, i always get the
> >> squid error page saying that the url "/" cannot be retrieved. For
> >> example, going to www.google.com is translated as /.
> >> Any idea?
> >>
> >> Thanks,
> >> Luca
> >>
> >>
> > That sounds like a faulty squid configuration. What does squids
> > logfile say?
> >
> > Jen
> > -
> > To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: transparent proxy

i'm currently using squid 2.5.7 from debian sid with ldap authentication
and redirectors (squidGuard and antivirus
scanning) - have no problem with this - also in transparent-proxy mode.

as far as i know you must (?) use these options in the squid.conf,
because squid has to passthru the http-headers
of the client - has something todo with http/1.1 I guess. more infos
you can find here:

http://squid-docs.sourceforge.net/latest/book-full.html#AEN2 457

Andreas

Adrian C. wrote:

>Don't know why but all of my squid accel ateempts turned out pretty
>unstable (as in crash for no apparent reason). I have tried both squid
>2.5 and 3.0. Maybe you guys had more luck than me. Is there something
>i miss? Without the httpd_accel it works fine.
>
>--Adrian.
>
>
>On Sat, 05 Feb 2005 19:22:22 +0100, Andreas Unterkircher
> wrote:
>
>
>>Don't know if you still have this problem. But maybe you are missing
>>some lines in your squid configuration.
>>You must tell squid, that it should act als httpd accellerator...
>>
>>httpd_accel_host virtual
>>httpd_accel_port 80
>>httpd_accel_with_proxy on
>>httpd_accel_uses_host_header on
>>
>>Jens Knoell wrote:
>>
>>
>>
>>>Luca Ferrari wrote:
>>>
>>>
>>>
>>>>Hi,
>>>>I'm trying to use a machine as a transparent firewall/proxy, using
>>>>iptables as described in the transparent proxy mini howto:
>>>>iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
>>>>--to-port 8080
>>>>
>>>>where eth0 is my internal interface (eth1 is connected directly to
>>>>the router). Now, when I try to browse the web, i always get the
>>>>squid error page saying that the url "/" cannot be retrieved. For
>>>>example, going to www.google.com is translated as /.
>>>>Any idea?
>>>>
>>>>Thanks,
>>>>Luca
>>>>
>>>>
>>>>
>>>>
>>>That sounds like a faulty squid configuration. What does squids
>>>logfile say?
>>>
>>>Jen
>>>-
>>>To unsubscribe from this list: send the line "unsubscribe linux-admin" in
>>>the body of a message to majordomo@vger.kernel.org
>>>More majordomo info at http://vger.kernel.org/majordomo-info.html
>>>
>>>
>>-
>>To unsubscribe from this list: send the line "unsubscribe linux-admin" in
>>the body of a message to majordomo@vger.kernel.org
>>More majordomo info at http://vger.kernel.org/majordomo-info.html
>>
>>
>>
>-
>To unsubscribe from this list: send the line "unsubscribe linux-admin" in
>the body of a message to majordomo@vger.kernel.org
>More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: transparent proxy

before someone asks - authentication naturally not working (and can't be
used) within transparent-proxy mode :)

Andreas Unterkircher wrote:

> i'm currently using squid 2.5.7 from debian sid with ldap
> authentication and redirectors (squidGuard and antivirus
> scanning) - have no problem with this - also in transparent-proxy mode.
>
> as far as i know you must (?) use these options in the squid.conf,
> because squid has to passthru the http-headers
> of the client - has something todo with http/1.1 I guess. more infos
> you can find here:
>
> http://squid-docs.sourceforge.net/latest/book-full.html#AEN2 457
>
> Andreas
>
> Adrian C. wrote:
>
>> Don't know why but all of my squid accel ateempts turned out pretty
>> unstable (as in crash for no apparent reason). I have tried both squid
>> 2.5 and 3.0. Maybe you guys had more luck than me. Is there something
>> i miss? Without the httpd_accel it works fine.
>>
>> --Adrian.
>>
>>
>> On Sat, 05 Feb 2005 19:22:22 +0100, Andreas Unterkircher
>> wrote:
>>
>>
>>> Don't know if you still have this problem. But maybe you are missing
>>> some lines in your squid configuration.
>>> You must tell squid, that it should act als httpd accellerator...
>>>
>>> httpd_accel_host virtual
>>> httpd_accel_port 80
>>> httpd_accel_with_proxy on
>>> httpd_accel_uses_host_header on
>>>
>>> Jens Knoell wrote:
>>>
>>>
>>>
>>>> Luca Ferrari wrote:
>>>>
>>>>
>>>>
>>>>> Hi,
>>>>> I'm trying to use a machine as a transparent firewall/proxy, using
>>>>> iptables as described in the transparent proxy mini howto:
>>>>> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
>>>>> --to-port 8080
>>>>>
>>>>> where eth0 is my internal interface (eth1 is connected directly to
>>>>> the router). Now, when I try to browse the web, i always get the
>>>>> squid error page saying that the url "/" cannot be retrieved. For
>>>>> example, going to www.google.com is translated as /.
>>>>> Any idea?
>>>>>
>>>>> Thanks,
>>>>> Luca
>>>>>
>>>>>
>>>>>
>>>>
>>>> That sounds like a faulty squid configuration. What does squids
>>>> logfile say?
>>>>
>>>> Jen
>>>> -
>>>> To unsubscribe from this list: send the line "unsubscribe
>>>> linux-admin" in
>>>> the body of a message to majordomo@vger.kernel.org
>>>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>>>
>>>
>>> -
>>> To unsubscribe from this list: send the line "unsubscribe
>>> linux-admin" in
>>> the body of a message to majordomo@vger.kernel.org
>>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>>
>>>
>>
>> -
>> To unsubscribe from this list: send the line "unsubscribe
>> linux-admin" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>
>>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html

-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html