Bug 139685

Summary: squid transparent proxy not working anymore!
Product: [Fedora] Fedora Reporter: Tran Manh Hai <tmhai>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: high Docs Contact:
Priority: medium    
Version: 3CC: dwalsh, pza
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-01-05 14:44:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tran Manh Hai 2004-11-17 15:19:13 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041111 Firefox/1.0

Description of problem:
Transparent proxy configurations

Working good on Fedora Core 2

After Upgrade to Fedora Core 3,
squid transparent proxy not working at all!

After Install Fedora Core 3 from scratch,
Squid transparent proxy still not working.


Version-Release number of selected component (if applicable):
squid-2.5.STABLE6-3

How reproducible:
Always

Steps to Reproduce:
1.Config all steps need for a squid transparent proxy
2.Config iptable to redirect the traffic:
  iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
--to-port 3128
3.Config cisco AS5350 to redirect the traffic

    

Actual Results:  Squid transparent proxy not working!

Expected Results:  Transparent proxy must working, (OK with Fedora Core 2)

Additional info:
Comment 1 Sitsofe Wheeler 2004-11-20 14:36:42 UTC 
There is not enough information in this bug to make a decent
diagnosis. Do the squid logs say that connections are being made
(don't post the entire log though)? You may also want to attach your
squid.conf and indicate any firewall rules you have.
Comment 2 Sitsofe Wheeler 2004-11-20 14:37:57 UTC 
Oops I forgot to mention is there any selinux related messages when
you do dmesg after trying to use the proxy?

Also does it work if you set a browser to use the proxy explictly?
Comment 3 Tran Manh Hai 2004-11-24 02:40:26 UTC 
disable selinux, then it works
Comment 4 Sitsofe Wheeler 2004-11-24 08:36:31 UTC 
Tran, I think you may have been a bit hasty marking this as NOTABUG.
I've seen squid working with selinux and all (and selinux is something
you really want turned on if you can).

Had you upgraded to the latest selinux policy pakcage? If so what
selinux errors were you seeing?
Comment 5 Daniel Walsh 2004-11-24 19:27:25 UTC 
Yes what are the AVC messages you are in seeing in the
/var/log/messages file?

Dan
Comment 6 Phil Anderson 2004-12-23 12:42:01 UTC 
I'm using squid with transperent proxying and it is working.  I'm
currently using selinux-policy-targeted-1.17.30-2.60.  I upgraded from
FC2.  Make sure you have the following 4 lines in your squid.conf.

httpd_accel_uses_host_header on
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on

I'm using the following iptables command:
iptables -t nat -A PREROUTING -s 192.168.1.0/255.255.255.0 -p tcp -m
tcp --dport http -j REDIRECT --to-ports 3128