Andrei Verovski (aka MacGuru)
2006-Jun-14 18:54 UTC
Absolutely Srange Transparent Proxy Problem
Hi, I have absolutely strange problem with Transparent Proxy configuration (SuSE 10, Squid 2.5, latest shorewall, 2-zone config, squid running on the same box as shorewall). the rule lists as REDIRECT loc 3128 tcp www - Corresponding ports are open. At first time I am was thinking something was wrong with squid. However, connecting directly to squid causes no problems. Looks like somewhere happens URL rewriting. Any idea what might be wrong? -------------------------------- ERROR The requested URL could not be retrieved ________________________________ While trying to retrieve the URL: / The following error was encountered: Invalid URL Some aspect of the requested URL is incorrect. Possible problems: Missing or incorrect access protocol (should be `http://'''' or similar) Missing hostname Illegal double-escape in the URL-Path Illegal character in hostname; underscores are not allowed Your cache administrator is webmaster. ________________________________ Generated Wed, 14 Jun 2006 14:48:43 GMT by mail.domain.lv (squid/2.5.STABLE10)
ermm..i think shorewall has nothing to do with it. as far as i remember, the only configuration i needed to set on shorewall in order to allow transparent proxy on squid is just that single line as you mentioned above. could it be your squid configuration problem? did you enable the transparent proxy option while compiling squid? you might as well try your luck on squid mailinglist itself. hope this helps.. On 6/15/06, Andrei Verovski (aka MacGuru) <andreil1@starlett.lv> wrote:> Hi, > > I have absolutely strange problem with Transparent Proxy configuration (SuSE > 10, Squid 2.5, latest shorewall, 2-zone config, squid running on the same box > as shorewall). > > the rule lists as > REDIRECT loc 3128 tcp www - > > Corresponding ports are open. At first time I am was thinking something was > wrong with squid. However, connecting directly to squid causes no problems. > Looks like somewhere happens URL rewriting. > > Any idea what might be wrong? > > -------------------------------- > > ERROR > The requested URL could not be retrieved ________________________________ > > While trying to retrieve the URL: / > > The following error was encountered: > Invalid URL > > Some aspect of the requested URL is incorrect. Possible problems: > Missing or incorrect access protocol (should be `http://'''' or similar) > Missing hostname > Illegal double-escape in the URL-Path > Illegal character in hostname; underscores are not allowed > > Your cache administrator is webmaster. > ________________________________ > Generated Wed, 14 Jun 2006 14:48:43 GMT by mail.domain.lv > (squid/2.5.STABLE10) > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >-- Regards, Wong Chee Chun Network Engineer Softmy Co. Ltd (http://www.softmy.com)
Wong Chee Chun wrote:> ermm..i think shorewall has nothing to do with it. as far as i > remember, the only configuration i needed to set on shorewall in order > to allow transparent proxy on squid is just that single line as you > mentioned above. could it be your squid configuration problem? did you > enable the transparent proxy option while compiling squid? you might > as well try your luck on squid mailinglist itself. hope this helps.. >I agree -- this is definitely a Squid configuration problem. See http://www.tldp.org/HOWTO/TransparentProxy.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:> Wong Chee Chun wrote: >> ermm..i think shorewall has nothing to do with it. as far as i >> remember, the only configuration i needed to set on shorewall in order >> to allow transparent proxy on squid is just that single line as you >> mentioned above. could it be your squid configuration problem? did you >> enable the transparent proxy option while compiling squid? you might >> as well try your luck on squid mailinglist itself. hope this helps.. >> > > I agree -- this is definitely a Squid configuration problem. See > http://www.tldp.org/HOWTO/TransparentProxy.html >Or more specifically, http://www.tldp.org/HOWTO/TransparentProxy-4.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Andrei Verovski (aka MacGuru) wrote:> Any idea what might be wrong? >Yes, That means you haven''t read the big fat "caution" message in the Shorewall documentation that points you to the relevant SQUID documentation ;-)