struggling with bridge transparent squid

My rc.conf:
Code:
defaultrouter="10.160.14.1"
#gateway_enable="YES"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm bge0 addm rl0 up"
ifconfig_bridge0_alias0="inet 10.160.14.19 netmask 255.255.255.192"
ifconfig_bge0="up"
ifconfig_rl0="up"
sshd_enable="YES"
webmin_enable="YES"
hostname="bridge"

My squid.conf:
Code:
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32

#acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src 10.160.14.0/23

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localnet
http_access allow localhost

http_access allow all

hierarchy_stoplist cgi-bin ?
coredump_dir /var/squid/cache
visible_hostname bridge
unique_hostname test.bridge
follow_x_forwarded_for deny all
# custom
http_port 127.0.0.1:8080 intercept
cache_effective_user squid
cache_effective_group squid

My squid -v:
Code:
Squid Cache: Version 3.1.16
configure options:  '--with-default-user=squid' '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid'
 '--libexecdir=/usr/local/libexec/squid' '--localstatedir=/var/squid' '--sysconfdir=/usr/local/etc/squid' '--with-logdir=/var/log/squid'
 '--with-pidfile=/var/run/squid/squid.pid' '--enable-removal-policies=lru heap' '--disable-linux-netfilter' '--disable-linux-tproxy'
 '--disable-epoll' '--disable-translation' '--enable-auth=basic digest negotiate ntlm' '--enable-basic-auth-helpers=DB NCSA PAM MSNT SMB
 squid_radius_auth YP' '--enable-digest-auth-helpers=password' '--enable-external-acl-helpers=ip_user session unix_group wbinfo_group'
 '--enable-ntlm-auth-helpers=smb_lm' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-storeio=ufs diskd aufs' '--enable-disk-io=AIO
 Blocking DiskDaemon DiskThreads' '--enable-delay-pools' '--enable-ssl' '--with-openssl=/usr' '--enable-icmp' '--enable-forw-via-db'
 '--enable-pf-transparent' '--disable-ecap' '--disable-loadable-modules' '--enable-kqueue' '--with-large-files' '--disable-optimizations'
 '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=i386-portbld-freebsd8.2' 'build_alias=i386-portbld-
 freebsd8.2' 'CC=cc' 'CFLAGS=-pipe  -I/usr/include -g' 'LDFLAGS= -rpath=/usr/lib:/usr/local/lib -L/usr/lib' 'CPPFLAGS=' 'CXX=c++'
 'CXXFLAGS=-pipe -I/usr/include -g' 'CPP=cpp' --with-squid=/usr/ports/www/squid31/work/squid-3.1.16 --enable-ltdl-convenience


My pf.conf:
Code:
ext_if="bge0"
int_if="rl0"
bride="bridge0"

rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 8080

pass in quick on $int_if route-to lo0 inet proto tcp from any to 127.0.0.1 port 8080 keep state

My squid log:
cache.log
Code:
2011/12/18 12:09:26| WARNING: Forwarding loop detected for:
GET /Artwork/SN.png HTTP/1.1
Accept: */*
Referer: http://msn.allyes.com/main/adfshow?user=MSN|Messenger|IMSCHI_CNZHS_MESGRMAINWIND_BAN234X60_I3_others&db=msn&border=0&local=yes
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; CIBA; Windows Live Messenger 14.0.8117.0416)
Host: www.squid-cache.org
Via: 1.1 test.bridge (squid/3.1.16)
X-Forwarded-For: 10.160.14.247
Cache-Control: max-age=259200
Connection: keep-alive

access.log

Code:
1324181366.084      0 10.160.14.19 TCP_MISS/403 4032 GET http://www.squid-cache.org/Artwork/SN.png - NONE/- text/html
1324181366.084      1 10.160.14.247 TCP_MISS/403 4091 GET http://www.squid-cache.org/Artwork/SN.png - DIRECT/209.169.10.131 text/html
 
Did you ever find what was wrong?

My setup is nearly the same as yours, except that I'm using FreeBSD 9.0 and Squid 3.2.3 from ports, and all I get is that same TCP_MISS/403 for intercepted traffic. Regular traffic passes without any glitches.

My squid.conf differs only in:

Code:
  http_port 3129 intercept
  http_port 3128
 