139685 – squid transparent proxy not working anymore!

Bug 139685 - squid transparent proxy not working anymore!

Summary: squid transparent proxy not working anymore!

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	3
Hardware:	i686
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-11-17 15:19 UTC by Tran Manh Hai
Modified:	2007-11-30 22:10 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-01-05 14:44:30 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Tran Manh Hai 2004-11-17 15:19:13 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041111 Firefox/1.0

Description of problem:
Transparent proxy configurations

Working good on Fedora Core 2

After Upgrade to Fedora Core 3,
squid transparent proxy not working at all!

After Install Fedora Core 3 from scratch,
Squid transparent proxy still not working.


Version-Release number of selected component (if applicable):
squid-2.5.STABLE6-3

How reproducible:
Always

Steps to Reproduce:
1.Config all steps need for a squid transparent proxy
2.Config iptable to redirect the traffic:
  iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
--to-port 3128
3.Config cisco AS5350 to redirect the traffic

    

Actual Results:  Squid transparent proxy not working!

Expected Results:  Transparent proxy must working, (OK with Fedora Core 2)

Additional info:

Comment 1 Sitsofe Wheeler 2004-11-20 14:36:42 UTC

There is not enough information in this bug to make a decent
diagnosis. Do the squid logs say that connections are being made
(don't post the entire log though)? You may also want to attach your
squid.conf and indicate any firewall rules you have.

Comment 2 Sitsofe Wheeler 2004-11-20 14:37:57 UTC

Oops I forgot to mention is there any selinux related messages when
you do dmesg after trying to use the proxy?

Also does it work if you set a browser to use the proxy explictly?

Comment 3 Tran Manh Hai 2004-11-24 02:40:26 UTC

disable selinux, then it works

Comment 4 Sitsofe Wheeler 2004-11-24 08:36:31 UTC

Tran, I think you may have been a bit hasty marking this as NOTABUG.
I've seen squid working with selinux and all (and selinux is something
you really want turned on if you can).

Had you upgraded to the latest selinux policy pakcage? If so what
selinux errors were you seeing?

Comment 5 Daniel Walsh 2004-11-24 19:27:25 UTC

Yes what are the AVC messages you are in seeing in the
/var/log/messages file?

Dan

Comment 6 Phil Anderson 2004-12-23 12:42:01 UTC

I'm using squid with transperent proxying and it is working.  I'm
currently using selinux-policy-targeted-1.17.30-2.60.  I upgraded from
FC2.  Make sure you have the following 4 lines in your squid.conf.

httpd_accel_uses_host_header on
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on

I'm using the following iptables command:
iptables -t nat -A PREROUTING -s 192.168.1.0/255.255.255.0 -p tcp -m
tcp --dport http -j REDIRECT --to-ports 3128

Note You need to log in before you can comment on or make changes to this bug.