transparent proxy on remote box issue

Setup: VPN <--> SQUID (both in Amazon EC2 classic instances, not VPC)

1) SQUID works fine by itself when I tried by configuring the browser (and 
before setting SQUID as transparent proxy).
2) VPN (strongswan) works fine by itself as well.

Now I added a few iptables rules to route traffic to SQUID and back.

//used these guides (applied all rules from the first link, and the loopback rule 
from the second link, in the sec box of the page):

http://www.linuxdocs.org/HOWTOs/mini/TransparentProxy-6.html
http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute

Behavior (iPhone connects to VPN and browses the net; same behavior if 
connected directly to proxy):
1) When I set it to intercept mode, I see the whole URL and I get access denied. In 
access.log:
<VPN IP> TCP_MISS/403 4424 GET http://www.cnn.com/ - HIER_NONE/- text/html
<VPN IP> TCP_MISS/403 4515 GET http://www.cnn.com/ - HIER_DIRECT/<SQUID IP> text/html

cache.log:
Referer: http://www.cnn.com/
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_2 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A501 Safari/9537.53
Via: 1.1 ip-<SQUID IP> (squid/3.3.9-20131010-r12634)
Cache-Control: max-age=0
Connection: keep-alive


2) When I set it to default mode (just port info), I get invalid URL. Hostname 
information is missing. 
access.log - <VPN IP> NONE/400 3544 GET / - HIER_NONE/- text/html
cache.log - <empty>

//squid.conf
forwarded_for transparent
cache_effective_user proxy
http_port 3130 intercept
http_port 3128
debug_options ALL,1
forward_max_tries 25


I have no idea where the problem is.

Thanks




