Bug 139685 - squid transparent proxy not working anymore!
squid transparent proxy not working anymore!
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
i686 Linux
medium Severity high
: ---
: ---
Assigned To: Daniel Walsh
Depends On:
  Show dependency treegraph
Reported: 2004-11-17 10:19 EST by Tran Manh Hai
Modified: 2007-11-30 17:10 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-01-05 09:44:30 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Tran Manh Hai 2004-11-17 10:19:13 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041111 Firefox/1.0

Description of problem:
Transparent proxy configurations

Working good on Fedora Core 2

After Upgrade to Fedora Core 3,
squid transparent proxy not working at all!

After Install Fedora Core 3 from scratch,
Squid transparent proxy still not working.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Config all steps need for a squid transparent proxy
2.Config iptable to redirect the traffic:
  iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
--to-port 3128
3.Config cisco AS5350 to redirect the traffic


Actual Results:  Squid transparent proxy not working!

Expected Results:  Transparent proxy must working, (OK with Fedora Core 2)

Additional info:
Comment 1 Sitsofe Wheeler 2004-11-20 09:36:42 EST
There is not enough information in this bug to make a decent
diagnosis. Do the squid logs say that connections are being made
(don't post the entire log though)? You may also want to attach your
squid.conf and indicate any firewall rules you have.
Comment 2 Sitsofe Wheeler 2004-11-20 09:37:57 EST
Oops I forgot to mention is there any selinux related messages when
you do dmesg after trying to use the proxy?

Also does it work if you set a browser to use the proxy explictly?
Comment 3 Tran Manh Hai 2004-11-23 21:40:26 EST
disable selinux, then it works
Comment 4 Sitsofe Wheeler 2004-11-24 03:36:31 EST
Tran, I think you may have been a bit hasty marking this as NOTABUG.
I've seen squid working with selinux and all (and selinux is something
you really want turned on if you can).

Had you upgraded to the latest selinux policy pakcage? If so what
selinux errors were you seeing?
Comment 5 Daniel Walsh 2004-11-24 14:27:25 EST
Yes what are the AVC messages you are in seeing in the
/var/log/messages file?

Comment 6 Phil Anderson 2004-12-23 07:42:01 EST
I'm using squid with transperent proxying and it is working.  I'm
currently using selinux-policy-targeted-1.17.30-2.60.  I upgraded from
FC2.  Make sure you have the following 4 lines in your squid.conf.

httpd_accel_uses_host_header on
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on

I'm using the following iptables command:
iptables -t nat -A PREROUTING -s -p tcp -m
tcp --dport http -j REDIRECT --to-ports 3128

Note You need to log in before you can comment on or make changes to this bug.