From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041111 Firefox/1.0 Description of problem: Transparent proxy configurations Working good on Fedora Core 2 After Upgrade to Fedora Core 3, squid transparent proxy not working at all! After Install Fedora Core 3 from scratch, Squid transparent proxy still not working. Version-Release number of selected component (if applicable): squid-2.5.STABLE6-3 How reproducible: Always Steps to Reproduce: 1.Config all steps need for a squid transparent proxy 2.Config iptable to redirect the traffic: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128 3.Config cisco AS5350 to redirect the traffic Actual Results: Squid transparent proxy not working! Expected Results: Transparent proxy must working, (OK with Fedora Core 2) Additional info:
There is not enough information in this bug to make a decent diagnosis. Do the squid logs say that connections are being made (don't post the entire log though)? You may also want to attach your squid.conf and indicate any firewall rules you have.
Oops I forgot to mention is there any selinux related messages when you do dmesg after trying to use the proxy? Also does it work if you set a browser to use the proxy explictly?
disable selinux, then it works
Tran, I think you may have been a bit hasty marking this as NOTABUG. I've seen squid working with selinux and all (and selinux is something you really want turned on if you can). Had you upgraded to the latest selinux policy pakcage? If so what selinux errors were you seeing?
Yes what are the AVC messages you are in seeing in the /var/log/messages file? Dan
I'm using squid with transperent proxying and it is working. I'm currently using selinux-policy-targeted-1.17.30-2.60. I upgraded from FC2. Make sure you have the following 4 lines in your squid.conf. httpd_accel_uses_host_header on httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on I'm using the following iptables command: iptables -t nat -A PREROUTING -s 192.168.1.0/255.255.255.0 -p tcp -m tcp --dport http -j REDIRECT --to-ports 3128