Transparent proxy response issue

- 02-15-2007 #1 (Join Date: Feb 2007)

I have set up a transparent proxy on Fedora Core 6 using Squid 6. This setup is on a single machine that acts as a residential firewall, gateway, DNS server, Apache server, ...
The clients on the local network are able to connect to the internet through the proxy, but after about 30 seconds, the browser on the client stops responding. If I wait about 10 mins, kill the browser and start again, I can view the pages again. If I don't wait long enough, the browser errors out with "page not found".
Here is a clue -- if I am on a site like CNN.com and continue to hit the refresh button, I get new ads on the page. If I let the browser idle for the duration of an advertisement update cycle, I can see the browser on its own trying to update the ad, but no update is seen on the page. Upon this event, the browser hangs, probably still trying to get that advertisement update. I can see the access log on the server sitting idle after this event with a MISS message. Why wouldn't it do anything -- iptables trying to block traffic? If so, how come I can browse from one site to the other without letting the browser idle long enough for ad updates?
Could it be the iptables setup or the squid setup? Again, if I don't let the browser idle, everything is fine. Additionally, if I bypass the transparent proxy, everything is fine also. I tried multiple clients, all exhibiting the same issue.
What do I need to post here to help one to troubleshoot -- iptables and squid.conf? I have two NIC cards: eth0 connected to the Internet using DHCP and eth1 to the internal network with static IP 192.168.1.1. The clients are using static IPs such as 192.168.1.11, 192.168.1.12. I am masquerading the IP addresses to the internet.
Any help is appreciated... Thanks
- 02-20-2007 #2 (Join Date: Feb 2007)
The problem has been resolved! -- In my *test* setup I had a Linksys router between the DSL modem and the gateway computer (my server that acts as DHCP server, squid proxy, etc.). While the internet access from the server was fine, all the clients couldn't consistently connect to it -- they were denied service to the internet. I don't know much about the TCP/IP technology, but the problem seems to be the extra hop (through the Linksys router) the clients had to make in order to connect to the ISP. Maybe the TTL parameter can be manipulated with the IPTABLES mangle command -- so the packet transmission will continue?
At this point the TCP packet transmission is purely academic for me; it may benefit someone else who actually wants to have an additional hop in front of the server. But I got everything working the way I want.
Anyway, I am glad the solution resolved on its own, by directly connecting the computer to the DSL modem (the desired setup for me), as it has been a week with no solution from this forum. For my question as to what I should provide to help one troubleshoot -- it is the tcpdump and iptables log for dropped/reject packets that are required. Squid is working as per design!
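Post #2 says the useful evidence for a problem like this is the iptables log of dropped/rejected packets. As an added example (not code from the thread or from Squid), here is a small parser for the lines the iptables LOG target writes to syslog, summarising drops per LAN client and flagging port-80 packets that were being forwarded out eth0 instead of being redirected into the proxy. The `IPT-DROP:` log prefix and the sample log lines are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample /var/log/messages lines in the format the iptables LOG
# target emits; "IPT-DROP:" is an assumed --log-prefix, 198.51.100.20 a
# documentation address standing in for a web server on the internet.
SAMPLE_LOG = """\
Feb 15 10:23:45 gateway kernel: IPT-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.11 DST=198.51.100.20 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1 DF PROTO=TCP SPT=34567 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 15 10:23:46 gateway kernel: IPT-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.11 DST=198.51.100.20 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=2 DF PROTO=TCP SPT=34567 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 15 10:24:01 gateway kernel: IPT-DROP: IN=eth1 OUT= SRC=192.168.1.12 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=TCP SPT=40001 DPT=3128 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 15 10:24:05 gateway kernel: IPT-DROP: IN=eth1 OUT= SRC=192.168.1.12 DST=192.168.1.1 LEN=73 TOS=0x00 PREC=0x00 TTL=64 ID=4 PROTO=UDP SPT=51000 DPT=53 LEN=53
Feb 15 10:24:09 gateway sshd[1234]: Accepted password for user from 192.168.1.11 port 5555 ssh2
"""

KV_RE = re.compile(r"(\w+)=(\S*)")  # KEY=value tokens; bare flags like DF/SYN are skipped


def parse_drops(text, prefix="IPT-DROP:"):
    """Return one dict of KEY=value fields for every kernel log line carrying the prefix."""
    records = []
    for line in text.splitlines():
        if "kernel:" not in line or prefix not in line:
            continue  # not an iptables LOG line (e.g. sshd noise)
        fields = dict(KV_RE.findall(line.split(prefix, 1)[1]))
        if {"SRC", "DST", "PROTO"} <= set(fields):
            records.append(fields)
    return records


def summarize(records):
    """Count dropped packets per (client address, protocol, destination port)."""
    return Counter((r["SRC"], r["PROTO"], r.get("DPT", "-")) for r in records)


def missed_redirects(records, lan_if="eth1"):
    """LAN web packets that were being forwarded out instead of redirected to Squid.

    A transparent REDIRECT in nat PREROUTING rewrites port 80 to the proxy port
    before routing, so redirected packets show up with OUT empty (local delivery).
    A packet with IN=eth1, OUT set and DPT still 80 never matched the redirect rule.
    """
    return sorted({(r["SRC"], r["DST"]) for r in records
                   if r.get("IN") == lan_if and r.get("OUT") and r.get("DPT") == "80"})


if __name__ == "__main__":
    drops = parse_drops(SAMPLE_LOG)
    for key, n in summarize(drops).most_common():
        print("%-14s %-4s dpt=%-5s dropped=%d" % (key[0], key[1], key[2], n))
    print("port-80 traffic that bypassed the proxy redirect:", missed_redirects(drops))
```

Feed it `grep kernel /var/log/messages` from the gateway; with real data, a non-empty `missed_redirects` result points at the PREROUTING rule rather than at Squid.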