squid 2.6 -- working on port 3128, but not 'transparent'
I've followed the steps in this thread
http://www.linuxquestions.org/questi...id+transparent and the links posted in it. iptables: $IPT -t nat -A PREROUTING -i $LANINTERFACE -p tcp \ --dport 80 -j REDIRECT --to-port 3128 squid.conf: http_port 10.10.1.180:3128 transparent always_direct allow all What else do I need to do in 2.6 that isn't in this 3.0 how-to? |
Quote:
That said, you haven't really explained what exactly is happening - saying it doesn't work doesn't say much, if anything. What is the Squid log showing? What about firewall logs? Are LAN clients able to ping the Squid box and hosts on the WAN? Are you getting any error messages in the browsers? Are the LAN clients able to use the proxy if manually configured to use it? Plus any other info you could provide would be great. |
The docs I used to set this up were on the Squid site: http://wiki.squid-cache.org/SquidFaq/InterceptionProxy. Also as win32sux said, I've never had to use always_direct to get it working.
|
/var/log/squid/cache.log
Quote:
Quote:
Quote:
2008/06/01 13:20:00| parseHttpRequest: NF getsockopt(SO_ORIGINAL_DST) failed: (92) Protocol not available |
Is Squid running on the same box as the iptables redirection rule?
Or are the proxy and the firewall two separate boxes? |
same box
Quote:
|
According to the info here, you need to make sure that you have run modprobe ip_conntrack before starting Squid. Do you have the module loaded (or support for conntrack compiled in)?
|
Quote:
|
giving up
Quote:
|
All times are GMT -5. The time now is 11:09 PM. |