Hello,
I am having trouble with my squid setup. Here is exactly what I am trying to
do: I am setting up a VPN server and I want all VPN traffic to be
transparently proxied by squid with ssl bumping enabled. Right now when I
try to do this I get an access denied page from the client.
Here are lines from my squid.conf:
=================================================
acl localnet src 192.168.1.0/24 # local network
acl localnet src 192.168.3.0/24 # vpn network
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 192.168.1.145:3127 intercept
http_port 192.168.1.145:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/etc/squid3/ssl/private.pem cert=/etc/squid3/ssl/public.pem
always_direct allow all
ssl_bump allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 5
=================================================
Here are my iptables rules:
=================================================
sysctl -w net.ipv4.ip_forward=1
iptables -F
iptables -t nat -F
# transparent proxy for vpn
iptables -t nat -A PREROUTING -i ppp+ -p tcp --dport 80 -j DNAT --to-destination 192.168.1.145:3127
iptables -t nat -A PREROUTING -i ppp+ -p tcp --dport 443 -j DNAT --to-destination 192.168.1.145:3128
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables --table nat --append POSTROUTING --out-interface ppp+ -j MASQUERADE
iptables -I INPUT -s 192.168.3.0/24 -i ppp+ -j ACCEPT
iptables --append FORWARD --in-interface eth0 -j ACCEPT
=================================================
When I connect to VPN and try to browse the web I get the following error in
/etc/squid3/cache.log on the vpn server:
2014/08/12 21:21:02 kid1| ERROR: No forward-proxy ports configured.
2014/08/12 21:21:02 kid1| WARNING: Forwarding loop detected for:
GET /Artwork/SN.png HTTP/1.1
Host: www.squid-cache.org
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.google.com/
Via: 1.1 localhost (squid/3.2.11)
X-Forwarded-For: 127.0.0.1
Cache-Control: max-age=259200
Connection: keep-alive
2014/08/12 21:21:02 kid1| ERROR: No forward-proxy ports configured.
I am wondering about this error "No forward-proxy ports configured." What do
I need to change about my squid.conf that would allow me to do transparent
proxying?
Thanks in advance.
Received on Wed Aug 13 2014 - 04:34:01 MDT
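An added example, not part of the original post: a small audit of the squid.conf shown above. It flags the condition behind the `No forward-proxy ports configured` error (every `http_port` carries a mode option) and the two directives that turn off upstream certificate checking on bumped connections. The finding names and the list of mode options are assumptions of this example.

```python
import re

# Listener modes that make an http_port a non-forward-proxy port.
# This list is an assumption of the example, not something stated in the post.
SPECIAL_MODES = {"intercept", "transparent", "tproxy", "accel"}

# Directives from the post, with the e-mail line wraps joined back together.
SAMPLE_CONF = """\
acl localnet src 192.168.1.0/24 # local network
acl localnet src 192.168.3.0/24 # vpn network
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 192.168.1.145:3127 intercept
http_port 192.168.1.145:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/etc/squid3/ssl/private.pem cert=/etc/squid3/ssl/public.pem
always_direct allow all
ssl_bump allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
"""


def directives(conf_text):
    """Yield (name, args) per directive, ignoring comments and blank lines."""
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if tokens:
            yield tokens[0], tokens[1:]


def audit(conf_text):
    """Return sorted finding ids (names made up for this example)."""
    found = set()
    ports = []
    for name, args in directives(conf_text):
        if name == "http_port":
            ports.append(args)
        elif name == "sslproxy_flags":
            if "DONT_VERIFY_PEER" in re.split(r"[,:]", "".join(args)):
                found.add("upstream-peer-verify-off")
        elif name == "sslproxy_cert_error" and args[:2] == ["allow", "all"]:
            found.add("upstream-cert-errors-ignored")
    # A forward-proxy port is an http_port with no special mode option.
    if ports and not any(SPECIAL_MODES.isdisjoint(p[1:]) for p in ports):
        found.add("no-forward-proxy-port")
    return sorted(found)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```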