Shorewall and squid transparent proxy problem

DULMANDAKH Sukhbaatar dulmandakh at gmail.com
Tue Apr 5 09:44:00 UTC 2011


You need to allow outgoing DNS requests to make squid work properly.

On 5 Apr 2011 07:08, "Diego Xirinachs" <dxiri343 at gmail.com> wrote:
> Hi all, speaking of gateways and shorewall, I bumped into a problem today
> with it. I have a 10.04 LTS server set up at a small office running
> shorewall and squid, clients are configured MANUALLY to use the proxy
> server, but now I want to make this proxy transparent and let shorewall
> redirect the proxy requests because I need to set up a VPN and the Cisco
> VPN client doesn't have an option to manually input a proxy.
>
> So I went ahead and configured my squid to be transparent and shorewall to
> redirect the traffic to it. The only thing is, it doesn't work. If I remove
> the proxy address from a client to test it, I get the following error (I use
> the Chromium browser):
>
> Error 137 (net::ERR_NAME_RESOLUTION_FAILED): Unknown error.
>
> My /etc/shorewall/rules are set up with these ACCEPT and REDIRECT rules:
>
> #ACTION   SOURCE  DEST  PROTO  DEST     SOURCE   ORIGINAL
> #                              PORT(S)  PORT(S)  DEST
> REDIRECT  loc     3128  tcp    www      -
>
> ACCEPT    $FW     net   tcp    www
>
>
> I have also tried putting the ACCEPT rule first but it didn't work either.
> Squid is installed on this same system and listening on port 3128.
>
> In my squid.conf I'm pretty sure the ACLs are configured properly and I
> also have this line:
>
> always_direct allow localhost
>
> That tells SQUID to always send traffic from the firewall directly to the
> internet.
>
> If you need any more info please don't hesitate to ask, I'm really out of
> ideas on this one. I think everything is set up correctly and have no idea
> why it doesn't work.
>
> thanks in advance
> --
> X1R1
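
Added example, not part of the original thread: a small check that reads a Shorewall rules file and reports which zones feeding a transparent-proxy REDIRECT (plus `$FW`, where squid runs) have no rule accepting DNS. The function names and the "fixed" rule set are assumptions made for illustration. The check looks only at the rules file and assumes the policy file does not already accept this traffic.

```python
import re

# Constructed sample: the rules quoted in the post (no DNS rule present).
ORIGINAL_RULES = """\
#ACTION   SOURCE  DEST  PROTO  DEST PORT(S)
REDIRECT  loc     3128  tcp    www    -
ACCEPT    $FW     net   tcp    www
"""

# Constructed sample: same rules plus DNS rules (an assumption, not from the thread).
FIXED_RULES = ORIGINAL_RULES + """\
ACCEPT    $FW     net   udp    53
ACCEPT    $FW     net   tcp    53
ACCEPT    loc     net   udp    domain
"""

DNS_PORTS = {"53", "domain"}
DNS_MACRO = re.compile(r"^DNS(\(ACCEPT\)|/ACCEPT)$")

def parse_rules(text):
    """Yield (action, source, dest, proto, dport) for each non-comment rule line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            fields += ["-"] * (5 - len(fields))
            yield tuple(fields[:5])

def dns_allowed(rules, source):
    """True if some rule accepts UDP DNS from `source` (explicit rule or DNS macro)."""
    for action, src, _dest, proto, dport in rules:
        if src.split(":")[0] != source:
            continue
        if DNS_MACRO.match(action):
            return True
        if action == "ACCEPT" and "udp" in proto.split(",") and DNS_PORTS & set(dport.split(",")):
            return True
    return False

def missing_dns(text):
    """Return zones that feed a REDIRECT (plus $FW) but have no DNS ACCEPT rule."""
    rules = list(parse_rules(text))
    zones = [src.split(":")[0] for action, src, *_ in rules if action == "REDIRECT"]
    return [z for z in dict.fromkeys(zones + ["$FW"]) if not dns_allowed(rules, z)]

if __name__ == "__main__":
    print("original:", missing_dns(ORIGINAL_RULES))
    print("fixed:   ", missing_dns(FIXED_RULES))
```

With a manually configured proxy the browser leaves name resolution to squid; once the proxy is transparent, each client resolves names itself before connecting, so both the client zone and the firewall need a DNS path.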