On 05/01/2008, Darragh <lists at digitaldarragh.com> wrote:
> I'm finally getting somewhere!
> To be more specific, I can connect to the internet if I configure the
> client to use the proxy 192.168.2.5:3128
That's good. A configured proxy works, so at least that much of the
squid side is right.
> but using iptables, it says
> something about the http request is malformed.
My first guess is that squid isn't confiugred to be a transparent proxy.
But that message also means that the http request did get to your
squid, which indicates that at least a part of the network side of the
"transparent" feature is right too.
> any suggestions as to how I can determine exactly what it's finding fault
> with? could it be because of something that's getting changed in the
> header as it's passing through the routing?
>> The page I am shown when connecting to google.com while the transparent
> proxy seems to be reached is:
This bit here is the difference:
> GET / HTTP/1.1
> Host: www.google.com
When the client knows it is using a proxy, the GET line is the full
http://www.google.com/ url. When it knows it isn't, the GET line is
just the local part, in this case /.
That squid fails on this request suggests that it is not correctly
configured for transparent proxying.
I see you are using 2.6.STABLE14.
On my 2.6.STABLE5, I changed the line
http_port 3128 transparent
and did "squid -k reconfigure", and then
nc localhost 3128 <<X
GET / HTTP/1.0
started succeeding (where previously it had failed in the same way
that yours does).
What is http_port set to in your squid.conf?
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!