Assalam o Alaikum!

I am facing problem in transparent proxy with squid 3.1:

PC1: eth0: connected directly to internet having ip 192.168.1.111
eth1: connected to internal network having ip 192.168.2.111

PC2 eth1: 192.168.2.18

PC 1: having squid. I added there following iptables rules:

iptables -t nat -A PREROUTING -i eth1 -p tcp –dport 80 -j REDIRECT –to-port 3128
iptables -I INPUT 4 -p tcp –dport 3128 -m state –state NEW,ESTABLISHED -j ACCEPT
service iptables save
echo 1 > /proc/sys/net/ipv4/ip_forward

PC2:
Browser --->> www.google.com
Proxy server is refusing connections.


I have attached squid.conf in txt format please guide me. thanks

Attached Files

squid.txt (2.8 KB, 40 views)

Hi,

Your internal network is 192.168.2.0/24.

The '/24' means that the subnet is the first 24 bit's. each number is an unsigned char (0-255) so 8 bit's each so the first 3 numbers define the network (3*8=24).

Try changing this line:
to:

1 members found this post helpful.

Ok. I have done this but still same problem

Did you restart squid?

Yes dear

Turn debugging on and it will tell you which acl is rejecting it: http://wiki.squid-cache.org/SquidFaq...ork.21__why.3F

Ok i have written this line in squid.conf debug_options ALL,1 33,2 28,9,

then tail -f /var/log/squid/cache.log > cache.log.txt

service squid restart

I have attached cache,log.txt here. kindly review this. thanks

Attached Files

cache.log.txt (21.4 KB, 28 views)

Ooo interesting.....

It looks like the NAT is eating the source address. the log is only talking about:
So going from memory, to fix this you need to use a dnat.
change your nat to this:

Thanks, but no success. I tried your said iptable rule. One addition thing I added in squid.conf: http_port 3128 transparent

I added "transparent". So

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.111:3128

tail -f /var/log/squid/cache.log > cache.log.txt2

service squid restart

I am unable to attach log so copying here only useful portion of log. I found this line in log:Accepting intercepted HTTP connections at 0.0.0.0:3128,

I think problem is related above line, how to avoid this?

Cache.log:

2012/06/22 07:05:22| Starting Squid Cache version 3.1.16 for i386-redhat-linux-gnu...
2012/06/22 07:05:22| Process ID 2623
2012/06/22 07:05:22| With 1024 file descriptors available
2012/06/22 07:05:22| Initializing IP Cache...
2012/06/22 07:05:22| DNS Socket created at [::], FD 7
2012/06/22 07:05:22| DNS Socket created at 0.0.0.0, FD 8
2012/06/22 07:05:22| Adding domain exp1.com from /etc/resolv.conf
2012/06/22 07:05:22| Adding nameserver 192.168.1.1 from /etc/resolv.conf
2012/06/22 07:05:22| User-Agent logging is disabled.
2012/06/22 07:05:22| Referer logging is disabled.
2012/06/22 07:05:22| Unlinkd pipe opened on FD 13
2012/06/22 07:05:22| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2012/06/22 07:05:22| Store logging disabled
2012/06/22 07:05:22| Swap maxSize 512000 + 1024000 KB, estimated 118153 objects
2012/06/22 07:05:22| Target number of buckets: 5907
2012/06/22 07:05:22| Using 8192 Store buckets
2012/06/22 07:05:22| Max Mem size: 1024000 KB
2012/06/22 07:05:22| Max Swap size: 512000 KB
2012/06/22 07:05:22| Version 1 of swap file with LFS support detected...
2012/06/22 07:05:22| Rebuilding storage in /var/spool/squid (CLEAN)
2012/06/22 07:05:22| Using Least Load store dir selection
2012/06/22 07:05:22| Set Current Directory to /var/spool/squid
2012/06/22 07:05:22| Loaded Icons.
2012/06/22 07:05:22| Accepting intercepted HTTP connections at 0.0.0.0:3128, FD 16.
2012/06/22 07:05:22| HTCP Disabled.
2012/06/22 07:05:22| Squid plugin modules loaded: 0
2012/06/22 07:05:22| Adaptation support is off.
2012/06/22 07:05:22| Ready to serve requests.
2012/06/22 07:05:22| Done reading /var/spool/squid swaplog (1938 entries)
2012/06/22 07:05:22| Finished rebuilding storage from disk.
2012/06/22 07:05:22| 1938 Entries scanned

Dear it works now thanks a lot for helping me.