Re: Re[2]: [squid-users] Non-transparent port works, transparent doesn't

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 18 Oct 2011 15:57:47 +1300

 On Tue, 18 Oct 2011 04:14:28 +0400, zozo zozo wrote:
> Port 80 is redirected from another machine to this one's 13128.
> If squid worked on transparent port, it would reply to direct HTTP
> GET on 13128 too, it does on Ubuntu.
> Here squid accepts the connection but then closes it immediately.
>

 NAT on another box has never been supported. It was a major security
 bug which is now closed in 3.2.

 What you need to do instead is use "policy routing" to ship the packets
 untouched to the Squid box. And perform the REDIRECT/DNAT with iptables
 on the Squid box.

 P.S. Ubuntu ships slightly older releases of Squid where this NAT
 brokenness is tolerated.

 Amos

> 18 October 2011, 04:05 from Pieter De Wit:
>> Hi,
>>
>> Maybe I am missing it, but where is the rule to REDIRECT port 80 to
>> 13128 in iptables?
>>
>> Cheers,
>>
>> Pieter
>>
>> On Tue, 18 Oct 2011, zozo zozo wrote:
>>
>> > I'm trying to make squid work as a transparent proxy on CentOS,
>> > squid ver is 3.2.0.12, with ecap enabled.
>> > The problem is that squid doesn't work on the transparent port and
>> > responds on the non-transparent port.
>> >
>> > I've simplified the configuration as much as possible to exclude access errors.
>> > Here's my squid.conf:
>> >
>> > http_port 13128 intercept
>> > http_port 13129
>> > acl our_networks src 1.2.3.0/24
>> > acl localnet src 127.0.0.1/24
>> > http_access allow all
>> > http_access allow our_networks
>> > http_access allow localnet
>> >
>> > cache_mem 0 MB
>> > cache deny all
>> >
>> > #end of squid.config
Received on Tue Oct 18 2011 - 02:57:51 MDT
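
The layout Amos describes (policy routing on the router, REDIRECT on the Squid box itself), as an added example that is not part of the original thread. The functions only print the commands; the Squid address, interface name, mark value and routing table number are assumptions, and `has_http_nat` is a hypothetical helper that checks a router's `iptables-save` output for the NAT-on-another-box setup.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run: the functions print commands.
SQUID_IP="${SQUID_IP:-192.0.2.10}"   # assumption: address of the Squid box
SQUID_PORT="${SQUID_PORT:-13128}"    # intercept port from the quoted squid.conf
LAN_IF="${LAN_IF:-eth0}"             # assumption: router interface facing Squid
MARK=3                               # assumption: any unused fwmark
TABLE=2                              # assumption: any unused routing table

# Router: mark port-80 packets and route them to the Squid box unmodified.
# No nat-table rule here, so the original destination IP stays in the packet.
router_rules() {
  cat <<EOF
iptables -t mangle -A PREROUTING -p tcp --dport 80 -s $SQUID_IP -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark $MARK
ip rule add fwmark $MARK table $TABLE
ip route add default via $SQUID_IP dev $LAN_IF table $TABLE
EOF
}

# Squid box: the only place where NAT happens. The mangle rule runs before
# nat and drops packets addressed directly to the intercept port.
squid_box_rules() {
  cat <<EOF
iptables -t mangle -A PREROUTING -p tcp --dport $SQUID_PORT -j DROP
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
EOF
}

# Reads iptables-save text on stdin; returns 0 if the nat table rewrites
# port-80 traffic (DNAT/REDIRECT), which must not happen on the router.
has_http_nat() {
  awk '
    /^\*/ { table = $1 }
    table == "*nat" && /--dport 80( |$)/ && /-j (DNAT|REDIRECT)/ { found = 1 }
    END { exit (found ? 0 : 1) }
  '
}

case "${1:-}" in
  router) router_rules ;;
  squid)  squid_box_rules ;;
esac
```

On the router, `iptables-save | has_http_nat` returning 0 means port 80 is still being rewritten before it reaches Squid.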
