Configuring Squid as Transparent Proxy in RHEL5

[amitkush]

---

Hello everyone!
Need a bit of help from the linux community. Lately, I have been trying to configure squid as transparent proxy on my server running on RHEL5. I had gone through few articles on web abt how to configure it and configured squid accordingly adding http_accel_xyz settings and then configuring the NAT using iptables. But while restarting squid there were warnings about "unrecognized: http_accel_..." in parseConfigFile.
What I could get from these is that probably I need to recompile squid adding transparent proxy support. I downloaded the new squid 3.0 and tried to compile it.
But unfortunately, the 'make' command fails giving library errors.
I have been stuck with it now as the new squid does not compile and old one does not support the transparent mode.
Could anyone pl. help me in details as to how I could compile the new one and what supporting libraries do I need to compile it successfully and also from where can I get those.
Thanks!!

[signmem]

I use RHEL5 and squid 3.0 too ... what's error message show up?
post it please.

[amitkush]

Thanks for all the help. Here are the error messages I could see in different logs-

In the browser, the following message appears:
-------------------------------------------------------------
The following error was encountered:

Invalid Request
Some aspect of the HTTP Request is invalid. Possible problems:

Missing or unknown request method
Missing URL
Missing HTTP Identifier (HTTP/1.0)
Request is too large
Content-Length missing for POST or PUT requests
Illegal character in hostname; underscores are not allowed
Your cache administrator is root.

In squid.out:
----------------
parseConfigFile: unrecognized 'httpd_accel_host virtual'
parseConfigFile: unrecognized 'httpd_accel_port 80'
parseConfigFile: unrecognized 'httpd_accel_with_proxy on'
parseConfigFile: unrecognized 'httpd_accel_uses_host_header on'

In access.log:
-----------------
TCP_DENIED/400 0 HEAD error:invalid-request - NONE/- text/html
TCP_DENIED/400 1453 GET error:invalid-request - NONE/- text/html
TCP_DENIED/400 1544 POST error:invalid-request - NONE/- text/html

What could be the possible error?

[signmem]

Code:

In squid.out:
----------------
parseConfigFile: unrecognized 'httpd_accel_host virtual'
parseConfigFile: unrecognized 'httpd_accel_port 80'
parseConfigFile: unrecognized 'httpd_accel_with_proxy on'
parseConfigFile: unrecognized 'httpd_accel_uses_host_header on'

there is configure about squid 2.4 , not using for 2.6 or 3.0

if using 2.6 and about, use following configure.

Code:

http_port  3456 transparent

and dont forget using iptables command redirecto port 80 to squid service port.

[amitkush]

I have defined transparent port in squid.conf and redirected traffic to port 80 in iptables.
How can we do it with a single NIC? I am having problem with my second network card, so want to configure it with a single NIC.

[amitkush]

Wooooooooooooooooooofffff......................... .)))

Thanks for all your help. I could finally make it work after a long long struggle.
Thanks again!!

[ravis123]

Hi,
I am also getting the same error when I am trying to configure squid as a transparent proxy.
I am using squid 3.0 & as per you suggested I have added "http_port 3456 transparent" in squid.conf.

Also I have added the below rule

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

then also I am getting same error.
Can u please help me in this issue.

[amitkush]

first of all make both the ports same. u r redirecting to 3128 and starting transparent service at 3456