Bug 100779 - RFE: transparent caching support with Squid
Summary: RFE: transparent caching support with Squid
Alias: None
Product: Fedora
Classification: Fedora
Component: squid   
(Show other bugs)
Version: rawhide
Hardware: i386 Linux
Target Milestone: ---
Assignee: Martin Stransky
QA Contact:
Keywords: FutureFeature
Depends On:
TreeView+ depends on / blocked
Reported: 2003-07-25 08:41 UTC by Reuben Farrelly
Modified: 2007-11-30 22:10 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-11-24 11:48:22 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Reuben Farrelly 2003-07-25 08:41:24 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

Description of problem:
To further simplify the use of squid with transparent proxying could there be 
a flag added to /etc/sysconfig/squid:


Then when the squid init script starts up it checks this value and if 
transparent proxy support is required it automatically runs this iptables 

iptables -t nat -A PREROUTING -i $interface -p tcp --dport 80 -j REDIRECT --to-
port $port

See http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.4

Applies to all versions of squid (including the up and coming 3.0 release)

Comment 1 Frediano Ziglio 2005-06-28 13:42:35 UTC
It seems that getsockopt(sock, SOL_IP, SO_ORIGINAL_DST, ...) do not return
original destination but redirected one. I use a small program to redirect
output and got this problem...

Comment 2 Frediano Ziglio 2005-06-28 13:45:23 UTC
Sorry, I forgot, I'm using Fedora Core 4 with latest kernel (2.6.11-1.1369_FC4)

Comment 3 Frediano Ziglio 2005-07-04 11:34:45 UTC
Same problem with kernel 2.6.12-1.1387_FC4. 
Note the problem is a regression problem, not an RFE.

Comment 4 Frediano Ziglio 2005-07-16 13:18:26 UTC
I updated to kernel 2.6.12-1.1398_FC4 with contain a fix for transparent proxy
and bridge however it do not fix this particular problem.

Comment 5 rambler8 2005-09-08 04:03:37 UTC
IMHO I think this would not be a good idea because in many times it will not be 
added in the proper sequence in the PREROUTING chain, i.e. if the last rule of 
the PREROUTING chain before squid is started is

itpables -t nat -A PREROUTING -j DROP

and using an -I rule to add the rule to the top of the chain could be equally 

Comment 6 Martin Stransky 2005-11-24 11:48:22 UTC
I think it can have more cons than pros so closing as WONTFIX.

Comment 7 Frediano Ziglio 2006-03-18 16:43:47 UTC
Happily someone else fixed the problem in the kernel.

Note You need to log in before you can comment on or make changes to this bug.