[squid-users] HTTP/HTTPS transparent proxy doesn't work

From: agent_js03 <justinmschw_at_gmail.com>
Date: Tue, 12 Aug 2014 21:33:56 -0700 (PDT)

Hello,

I am having trouble with my squid setup. Here is exactly what I am trying to
do: I am setting up a VPN server and I want all VPN traffic to be
transparently proxied by squid with ssl bumping enabled. Right now when I
try to do this I get an access denied page from the client.

Here are lines from my squid.conf:

=================================================
acl localnet src 192.168.1.0/24 # local network
acl localnet src 192.168.3.0/24 # vpn network
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 192.168.1.145:3127 intercept
http_port 192.168.1.145:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/etc/squid3/ssl/private.pem cert=/etc/squid3/ssl/public.pem
always_direct allow all
ssl_bump allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 5

=================================================

Here are my iptables rules:

=================================================
sysctl -w net.ipv4.ip_forward=1
iptables -F
iptables -t nat -F

# transparent proxy for vpn
iptables -t nat -A PREROUTING -i ppp+ -p tcp --dport 80 -j DNAT --to-destination 192.168.1.145:3127
iptables -t nat -A PREROUTING -i ppp+ -p tcp --dport 443 -j DNAT --to-destination 192.168.1.145:3128

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables --table nat --append POSTROUTING --out-interface ppp+ -j MASQUERADE
iptables -I INPUT -s 192.168.3.0/24 -i ppp+ -j ACCEPT
iptables --append FORWARD --in-interface eth0 -j ACCEPT

=================================================

When I connect to VPN and try to browse the web I get the following error in
/etc/squid3/cache.log on the vpn server:

2014/08/12 21:21:02 kid1| ERROR: No forward-proxy ports configured.
2014/08/12 21:21:02 kid1| WARNING: Forwarding loop detected for:
GET /Artwork/SN.png HTTP/1.1
Host: www.squid-cache.org
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.google.com/
Via: 1.1 localhost (squid/3.2.11)
X-Forwarded-For: 127.0.0.1
Cache-Control: max-age=259200
Connection: keep-alive

2014/08/12 21:21:02 kid1| ERROR: No forward-proxy ports configured.

I am wondering about this error "No forward-proxy ports configured." What do
I need to change about my squid.conf that would allow me to do transparent
proxying?

Thanks in advance.

Received on Wed Aug 13 2014 - 04:34:01 MDT
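
An added example, not part of the original post and not Squid's own code: a small Python lint over the squid.conf directives quoted in the message. It assumes that an http_port carrying none of the intercept, tproxy or transparent flags counts as a forward-proxy port, and it reports when no such port exists and when an ssl-bump port is combined with settings that turn off validation of upstream server certificates. The finding names are labels made up for this example.

```python
import re

# Constructed sample: the directives from the post, with the wrapped
# http_port line joined back onto one line.
SAMPLE_CONF = """\
acl localnet src 192.168.3.0/24 # vpn network
http_port 192.168.1.145:3127 intercept
http_port 192.168.1.145:3128 intercept ssl-bump generate-host-certificates=on key=/etc/squid3/ssl/private.pem cert=/etc/squid3/ssl/public.pem
ssl_bump allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
"""

# Assumption: a port with none of these flags is a forward-proxy port.
INTERCEPT_FLAGS = {"intercept", "tproxy", "transparent"}


def directives(conf_text):
    """Yield (name, args) per directive, skipping blanks and # comments."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            yield name, args


def lint(conf_text):
    """Return a sorted list of finding labels for squid.conf text."""
    parsed = list(directives(conf_text))
    ports = [args for name, args in parsed if name == "http_port"]
    findings = set()

    # Every listening port is an interception port: nothing is left to
    # act as the forward-proxy port the cache.log error asks for.
    if ports and all(INTERCEPT_FLAGS & set(a[1:]) for a in ports):
        findings.add("no-forward-proxy-port")

    # On a bumping proxy the client only sees Squid's generated
    # certificate, so upstream validation is the only check left.
    if any("ssl-bump" in a[1:] for a in ports):
        for name, args in parsed:
            flags = re.split(r"[,:\s]+", " ".join(args))
            if name == "sslproxy_flags" and "DONT_VERIFY_PEER" in flags:
                findings.add("upstream-cert-verification-off")
            if name == "sslproxy_cert_error" and args[:2] == ["allow", "all"]:
                findings.add("upstream-cert-errors-ignored")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_CONF)))
```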