Shorewall and squid transparent proxy problem

Diego Xirinachs dxiri343 at
Mon Apr 4 23:07:51 UTC 2011

Hi all, speaking of gateways and shorewall, I bumped into a problem today
with it. I have a 10.04 LTS server setup at a small office running shorewall
and squid, clients are configured MANUALLY to use the proxy server, but now
I want to make this proxy transparent and let shorewall redirect the proxy
requests becuase I need to setup a VPN and cisco VPN client doesnt have an
option to manually input a proxy.

So I go ahead and configured my squid to be transparent and shorewall to
redirect the traffic to it, only thing is, it doesnt work, If I remove the
proxy address from a client to test it, I get the following error (I use
chromium browser):

Error 137 (net::ERR_NAME_RESOLUTION_FAILED): Unknown error.

My /etc/shorewall/rules are setup with this ACCEPT and REDIRECT rules:

#                                                       PORT(S)    DEST
REDIRECT  loc        3128     tcp      www              -

ACCEPT    $FW        net      tcp      www

I have also tried putting the ACCEPT rule first but it didnt work also.
Squid Is installed on this same system and listening on port 3128

In my squid.conf Im pretty sure the ACL's are configured properly and I also
have this line:

always_direct allow localhost

That tells SQUID to always send traffic from the firewall directly to the

IF you need any more info please dont hesitate to ask, im really out of
ideas on this one I think everything is setup correctly and have no idea why
It doesnt work.

thanks in advance
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the ubuntu-server mailing list