[squid-users] problem with transparent proxy virtual ports

From: Sha Leir <shal3r@dont-contact.us>
Date: Thu, 4 May 2006 23:59:36 +0300

Problem with transparent proxy virtual ports

I am using squid-2.5.13 (latest version) on a remote box with this
configuration:

========================
# cat /etc/squid/squid.conf
http_port 1080
icp_port 0
acl QUERY urlpath_regex .*
no_cache deny QUERY
cache_dir aufs /var/cache/squid 32 16 256
acl all src 0.0.0.0/0.0.0.0
http_access allow all
httpd_accel_host virtual
httpd_accel_port 0
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
header_access X-Forwarded-For deny all
header_access Via deny all
========================

Port 1080 is opened on this firewalled remote server. On my home PC, where I am
using the proxy, I have iptables set to use the proxy server for all IPs
except those in /etc/local.net:

========================
IPT="/sbin/iptables"
LV_IPS=$(grep -v "#" /etc/local.net)
for i in ${LV_IPS}; do
 ${IPT} -t nat -A OUTPUT -d ${i} -j ACCEPT
 ${IPT} -t nat -A PREROUTING -d ${i} -j ACCEPT
done

${IPT} -t nat -A OUTPUT -p tcp -j DNAT --to-destination my_proxy_server_ip:1080
========================

In iptables it results in this:

========================
[...]
-A OUTPUT -d 195.178.96.0/255.255.254.0 -j ACCEPT
-A OUTPUT -d 195.246.226.0/255.255.254.0 -j ACCEPT
-A OUTPUT -d 194.50.105.0/255.255.255.0 -j ACCEPT
-A OUTPUT -p tcp -j DNAT --to-destination my_proxy_server_ip:1080
========================

The same configuration works perfectly for my friend, but I have a problem: when I
try to open, for example, http://www.gentoo.org , squid requests
http://www.gentoo.org:1080 . I have the line "httpd_accel_port 0" in my squid
configuration, which must request virtual port 80 if I try to open
gentoo.org:80 , not 1080. Quote from the squid documentation:

========================
Tag Name httpd_accel_port
Usage httpd_accel_port port
Description

Accelerated requests can only be forwarded to one port: There is no table that
associates accelerated hosts and a destination port. Squid will connect to
the port that you set the httpd_accel_port value to. When acting as a
front-end for a web server on the local machine, you will set up the web
server to listen for connections on a different port (8000, for example), and
set this squid.conf option to match the same value. If, on the other hand,
you are forwarding requests to a set of slow backend servers, they will
almost certainly be listening to port 80 (the default web-server port), and
this option will need to be set to 80. If you want virtual port support then
specify the port as "0"
========================

If I set httpd_accel_port to 80, everything works perfectly, but only for port 80.

Why doesn't "httpd_accel_port 0" work like I need? Maybe it's a firewall
problem? Thanks.
Received on Thu May 04 2006 - 14:59:25 MDT
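A small model, added here and not taken from Squid's sources or from this thread, of the two rules in play in the configuration above: with httpd_accel_uses_host_header on, the host is taken from the Host header, and with httpd_accel_port 0 the port is taken from the destination port of the intercepted connection as the proxy host sees it. On Linux that destination is recovered with the SO_ORIGINAL_DST socket option, which reads the conntrack table of the host the socket lives on, so it only knows the pre-NAT port when the DNAT was done on that same host; when the NAT happened on another machine, all that is left is the port the proxy itself listens on. The function names, the sample request and the two replayed scenarios are assumptions of this illustration.

```python
"""Model of how a Squid 2.5 accelerator (httpd_accel_host virtual,
httpd_accel_port 0, httpd_accel_uses_host_header on) rebuilds the origin
URL of an intercepted request. Added illustration, not Squid's own code."""
import socket
import struct

# Linux netfilter getsockopt number from <linux/netfilter_ipv4.h>
SO_ORIGINAL_DST = 80


def parse_request(raw: bytes):
    """Split the head of an HTTP/1.x request into (method, path, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return method, path, headers


def original_destination(conn: socket.socket):
    """(ip, port) the client really dialled, as far as the proxy host can tell.

    SO_ORIGINAL_DST consults the conntrack entry on the host where the socket
    lives, so it yields the pre-NAT target only when the DNAT ran on that host.
    If the NAT ran elsewhere (on the client PC, as in the post) there is no
    entry, and the fallback is the listening socket's own address and port.
    """
    try:
        raw = conn.getsockopt(getattr(socket, "SOL_IP", 0), SO_ORIGINAL_DST, 16)
        port, packed_ip = struct.unpack("!2xH4s8x", raw)  # sockaddr_in layout
        return socket.inet_ntoa(packed_ip), port
    except OSError:
        return conn.getsockname()[:2]


def rebuild_url(raw_request: bytes, conn_dst, accel_port: int) -> str:
    """URL the accelerator will fetch for one intercepted request.

    conn_dst is the (ip, port) pair original_destination() returned for the
    connection; accel_port is the squid.conf httpd_accel_port value
    (0 = "virtual port", i.e. use the connection's destination port).
    """
    _method, path, headers = parse_request(raw_request)
    if path.startswith("http://"):
        return path  # absolute URL: an explicit proxy request, nothing to rebuild
    local_ip, conn_port = conn_dst
    # Assumption of this model: a port inside the Host header is ignored and
    # a missing Host header falls back to the connection's local address.
    host = headers.get("host", local_ip).split(":", 1)[0]
    port = conn_port if accel_port == 0 else accel_port
    return f"http://{host}{path}" if port == 80 else f"http://{host}:{port}{path}"


# Constructed sample: the browser on the home PC asking for http://www.gentoo.org/
REQUEST = b"GET / HTTP/1.0\r\nHost: www.gentoo.org\r\nUser-Agent: x\r\n\r\n"
PROXY_IP = "192.0.2.10"  # placeholder for my_proxy_server_ip
PROXY_PORT = 1080


def url_seen_by_squid(nat_on_proxy_host: bool, accel_port: int = 0) -> str:
    """Replay the post's scenario.

    nat_on_proxy_host=True models a REDIRECT/DNAT rule on the Squid box itself
    (conntrack still knows the original port 80); False models the post's
    setup, where the DNAT happens on the home PC and the proxy only ever sees
    a connection to its own port 1080.
    """
    dst = (PROXY_IP, 80 if nat_on_proxy_host else PROXY_PORT)
    return rebuild_url(REQUEST, dst, accel_port)


if __name__ == "__main__":
    for on_proxy in (True, False):
        print(f"nat_on_proxy_host={on_proxy}: {url_seen_by_squid(on_proxy)}")
```

Run stand-alone it prints `http://www.gentoo.org/` when the NAT is done on the proxy host and `http://www.gentoo.org:1080/` when it is done on the client side, which is the pair of URLs the post reports; with `accel_port=80` the port is pinned regardless of where the NAT happened. One configuration check worth pairing with this: `http_access allow all` without a `src` ACL means the firewall on the remote box carries the whole access control for port 1080, so squid.conf should normally also list the client addresses that are allowed to use the proxy.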

This archive was generated by hypermail pre-2.1.9 : Thu Jun 01 2006 - 12:00:02 MDT