Bug 100779 - RFE: transparent caching support with Squid
RFE: transparent caching support with Squid
Product: Fedora
Classification: Fedora
Component: squid (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Martin Stransky
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2003-07-25 04:41 EDT by Reuben Farrelly
Modified: 2007-11-30 17:10 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-11-24 06:48:22 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Reuben Farrelly 2003-07-25 04:41:24 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

Description of problem:
To further simplify the use of squid with transparent proxying could there be 
a flag added to /etc/sysconfig/squid:


Then when the squid init script starts up it checks this value and if 
transparent proxy support is required it automatically runs this iptables 

iptables -t nat -A PREROUTING -i $interface -p tcp --dport 80 -j REDIRECT --to-
port $port

See http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.4

Applies to all versions of squid (including the up and coming 3.0 release)
Comment 1 Frediano Ziglio 2005-06-28 09:42:35 EDT
It seems that getsockopt(sock, SOL_IP, SO_ORIGINAL_DST, ...) do not return
original destination but redirected one. I use a small program to redirect
output and got this problem...
Comment 2 Frediano Ziglio 2005-06-28 09:45:23 EDT
Sorry, I forgot, I'm using Fedora Core 4 with latest kernel (2.6.11-1.1369_FC4)
Comment 3 Frediano Ziglio 2005-07-04 07:34:45 EDT
Same problem with kernel 2.6.12-1.1387_FC4. 
Note the problem is a regression problem, not an RFE.
Comment 4 Frediano Ziglio 2005-07-16 09:18:26 EDT
I updated to kernel 2.6.12-1.1398_FC4 with contain a fix for transparent proxy
and bridge however it do not fix this particular problem.
Comment 5 rambler8 2005-09-08 00:03:37 EDT
IMHO I think this would not be a good idea because in many times it will not be 
added in the proper sequence in the PREROUTING chain, i.e. if the last rule of 
the PREROUTING chain before squid is started is

itpables -t nat -A PREROUTING -j DROP

and using an -I rule to add the rule to the top of the chain could be equally 
Comment 6 Martin Stransky 2005-11-24 06:48:22 EST
I think it can have more cons than pros so closing as WONTFIX.
Comment 7 Frediano Ziglio 2006-03-18 11:43:47 EST
Happily someone else fixed the problem in the kernel.

Note You need to log in before you can comment on or make changes to this bug.