debian Etch transparent squid proxy error messages

Hi,

I've got the error message:

$ /etc/init.d/squid restart
Restarting Squid HTTP proxy: squid Waiting.........done.
2006/10/06 09:36:43| parseConfigFile: line 2262 unrecognized:
'httpd_accel_host virtual'
2006/10/06 09:36:43| parseConfigFile: line 2263 unrecognized:
'httpd_accel_port 80'
2006/10/06 09:36:43| parseConfigFile: line 2293 unrecognized:
'httpd_accel_with_proxy on'
2006/10/06 09:36:43| parseConfigFile: line 2314 unrecognized:
'httpd_accel_uses_host_header on'

following the FAQ: http://tldp.org/HOWTO/TransparentProxy-4.html

I'm using debian/etch:

$ dpkg -l|grep squid
ii squid 2.6.3-1
Internet Object Cache (WWW proxy cache)
ii squid-cgi 2.6.3-1
Squid cache manager CGI program
ii squid-common 2.6.3-1
Internet Object Cache (WWW proxy cache) - co
ii squidclient 2.6.3-1
Command line URL extractor that talks to (a)
ii squidview 0.70-1
monitors and analyses squid access.log files

what happened here?

Thanks
Olaf

maybe, this is usefull too:

$ grep -v "^#" /etc/squid/squid.conf | sed -e '/^$/d'
http_port 127.0.0.1:3128
icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 16 MB
maximum_object_size 32768 KB
cache_replacement_policy heap LFUDA
cache_dir aufs /var/cache/squid 1024 16 256
cache_access_log /var/log/squid/access.log
debug_options ALL,1
diskd_program /usr/lib/squid/diskd-daemon
auth_param digest children 5
auth_param digest realm Squid proxy-caching web server
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
shutdown_lifetime 10 seconds
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_reply_access allow all
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
header_access Via deny all
header_access X-Forwarded-For deny all
header_access Cache-Control deny all
header_access Keep-Alive deny all
header_access User-Agent deny all
header_replace User-Agent Mozilla/5.0
coredump_dir /var/cache/squid

Olaf Petzold napisal(a):
> Hi,
>
> I've got the error message:
>
> $ /etc/init.d/squid restart
> Restarting Squid HTTP proxy: squid Waiting.........done.
> 2006/10/06 09:36:43| parseConfigFile: line 2262 unrecognized:
> 'httpd_accel_host virtual'
> 2006/10/06 09:36:43| parseConfigFile: line 2263 unrecognized:
> 'httpd_accel_port 80'
> 2006/10/06 09:36:43| parseConfigFile: line 2293 unrecognized:
> 'httpd_accel_with_proxy on'
> 2006/10/06 09:36:43| parseConfigFile: line 2314 unrecognized:
> 'httpd_accel_uses_host_header on'


For Squid-2.6 and Squid-3.0 you simply need to add the keyword
transparent on the http_port that your proxy will receive the
redirected requests on as the above directives are not necessary and in
fact have been removed in those releases:

http_port 3128 transparent

For Squid-2.5 and earlier the configuration is a little more complex.
Here are the important settings in squid.conf for Squid-2.5 and
earlier:

http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on


Regards
T.K - http://www.trefl.pl
Wypozyczalnia samochodów Kraków
Wynajem samochodów Kraków
Wynajem samochodów w Krakowie
Rent a car krakow
Car rental krakow

>> $ /etc/init.d/squid restart
>> Restarting Squid HTTP proxy: squid Waiting.........done.
>> 2006/10/06 09:36:43| parseConfigFile: line 2262 unrecognized:
>> 'httpd_accel_host virtual'
>> 2006/10/06 09:36:43| parseConfigFile: line 2263 unrecognized:
>> 'httpd_accel_port 80'
>> 2006/10/06 09:36:43| parseConfigFile: line 2293 unrecognized:
>> 'httpd_accel_with_proxy on'
>> 2006/10/06 09:36:43| parseConfigFile: line 2314 unrecognized:
>> 'httpd_accel_uses_host_header on'
>
>
> For Squid-2.6 and Squid-3.0 you simply need to add the keyword
> transparent on the http_port that your proxy will receive the
> redirected requests on as the above directives are not necessary and in
> fact have been removed in those releases:
>
> http_port 3128 transparent
>
> For Squid-2.5 and earlier the configuration is a little more complex.
[...]

The documentation (2.6 and 3.0) seems to be completly out of dated.
Following /usr/share/doc/squid/README.transparent-proxy:
--->8---
You can do transparent caching on Linux, Solaris, and BSD derivations.

The FAQ talks about this, see FAQ-17.html. It says:

The trick is to get the operating system to forward certain IP packets
to the application. This document currently contains only instruction
for configuring transparent caching on Linux and Solaris.

Here are the important settings in squid.conf:

http_port 80
icp_port 3130
httpd_accel virtual 80
httpd_accel_with_proxy on

The Linux section of the FAQ is out of date. For example it says:
[...]
----8<----

same to file:///usr/share/doc/squid/FAQ-17.html
and http://www.deckle.co.za/squid-users-...parent_Caching


Using "http_port 3128 transparent" give's no error but it isn't working
to me:

$ iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp dpt:www
redir ports 3128

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


/var/log/squid/access.log gives no hit.

Where can I find actually docs about configuration transparent squid
proxy on debian/linux?

Thanks
Olaf

Olaf Petzold napisal(a):
> >> $ /etc/init.d/squid restart
> >> Restarting Squid HTTP proxy: squid Waiting.........done.
> >> 2006/10/06 09:36:43| parseConfigFile: line 2262 unrecognized:
> >> 'httpd_accel_host virtual'
> >> 2006/10/06 09:36:43| parseConfigFile: line 2263 unrecognized:
> >> 'httpd_accel_port 80'
> >> 2006/10/06 09:36:43| parseConfigFile: line 2293 unrecognized:
> >> 'httpd_accel_with_proxy on'
> >> 2006/10/06 09:36:43| parseConfigFile: line 2314 unrecognized:
> >> 'httpd_accel_uses_host_header on'
> >
> >
> > For Squid-2.6 and Squid-3.0 you simply need to add the keyword
> > transparent on the http_port that your proxy will receive the
> > redirected requests on as the above directives are not necessary and in
> > fact have been removed in those releases:
> >
> > http_port 3128 transparent
> >
> > For Squid-2.5 and earlier the configuration is a little more complex.
> [...]
>
> The documentation (2.6 and 3.0) seems to be completly out of dated.
> Following /usr/share/doc/squid/README.transparent-proxy:
> --->8---
> You can do transparent caching on Linux, Solaris, and BSD derivations.
>
> The FAQ talks about this, see FAQ-17.html. It says:
>
> The trick is to get the operating system to forward certain IP packets
> to the application. This document currently contains only instruction
> for configuring transparent caching on Linux and Solaris.
>
> Here are the important settings in squid.conf:
>
> http_port 80
> icp_port 3130
> httpd_accel virtual 80
> httpd_accel_with_proxy on
>
> The Linux section of the FAQ is out of date. For example it says:
> [...]
> ----8<----
>
> same to file:///usr/share/doc/squid/FAQ-17.html
> and http://www.deckle.co.za/squid-users-...parent_Caching
>
>
> Using "http_port 3128 transparent" give's no error but it isn't working
> to me:
>
> $ iptables -t nat -L
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> REDIRECT tcp -- anywhere anywhere tcp dpt:www
> redir ports 3128
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
>
> /var/log/squid/access.log gives no hit.
>
> Where can I find actually docs about configuration transparent squid
> proxy on debian/linux?

First show me iptables -t nat -L -v

Try do it iptables -t nat -A PREROUTING -p tcp --dport 80 -s
your_local_net/class -j DNAT --to your_local_ip:3128

Regards
--
T.K - http://www.trefl.pl
Wypozyczalnia samochodów Kraków
Wynajem samochodów Kraków
Wynajem samochodów w Krakowie
Rent a car krakow
Car rental krakow

(E-Mail Removed) schrieb:
> Olaf Petzold napisal(a):
>>>> $ /etc/init.d/squid restart
>>>> Restarting Squid HTTP proxy: squid Waiting.........done.
>>>> 2006/10/06 09:36:43| parseConfigFile: line 2262 unrecognized:
>>>> 'httpd_accel_host virtual'
>>>> 2006/10/06 09:36:43| parseConfigFile: line 2263 unrecognized:
>>>> 'httpd_accel_port 80'
>>>> 2006/10/06 09:36:43| parseConfigFile: line 2293 unrecognized:
>>>> 'httpd_accel_with_proxy on'
>>>> 2006/10/06 09:36:43| parseConfigFile: line 2314 unrecognized:
>>>> 'httpd_accel_uses_host_header on'
>>>
>>> For Squid-2.6 and Squid-3.0 you simply need to add the keyword
>>> transparent on the http_port that your proxy will receive the
>>> redirected requests on as the above directives are not necessary and in
>>> fact have been removed in those releases:
>>>
>>> http_port 3128 transparent
>>>
>>> For Squid-2.5 and earlier the configuration is a little more complex.
>> [...]
>>
>> The documentation (2.6 and 3.0) seems to be completly out of dated.
>> Following /usr/share/doc/squid/README.transparent-proxy:
>> --->8---
>> You can do transparent caching on Linux, Solaris, and BSD derivations.
>>
>> The FAQ talks about this, see FAQ-17.html. It says:
>>
>> The trick is to get the operating system to forward certain IP packets
>> to the application. This document currently contains only instruction
>> for configuring transparent caching on Linux and Solaris.
>>
>> Here are the important settings in squid.conf:
>>
>> http_port 80
>> icp_port 3130
>> httpd_accel virtual 80
>> httpd_accel_with_proxy on
>>
>> The Linux section of the FAQ is out of date. For example it says:
>> [...]
>> ----8<----
>>
>> same to file:///usr/share/doc/squid/FAQ-17.html
>> and http://www.deckle.co.za/squid-users-...parent_Caching
>>
>>
>> Using "http_port 3128 transparent" give's no error but it isn't working
>> to me:
>>
>> $ iptables -t nat -L
>> Chain PREROUTING (policy ACCEPT)
>> target prot opt source destination
>> REDIRECT tcp -- anywhere anywhere tcp dpt:www
>> redir ports 3128
>>
>> Chain POSTROUTING (policy ACCEPT)
>> target prot opt source destination
>>
>> Chain OUTPUT (policy ACCEPT)
>> target prot opt source destination
>>
>>
>> /var/log/squid/access.log gives no hit.
>>
>> Where can I find actually docs about configuration transparent squid
>> proxy on debian/linux?
>
> First show me iptables -t nat -L -v

$ iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 26 packets, 7562 bytes)
pkts bytes target prot opt in out source
destination
0 0 REDIRECT tcp -- eth0 any anywhere
anywhere tcp dpt:www redir ports 3128

Chain POSTROUTING (policy ACCEPT 41 packets, 2567 bytes)
pkts bytes target prot opt in out source
destination

Chain OUTPUT (policy ACCEPT 41 packets, 2567 bytes)
pkts bytes target prot opt in out source
destination


I'm starting in iptables, no rules further more.

> Try do it iptables -t nat -A PREROUTING -p tcp --dport 80 -s
> your_local_net/class -j DNAT --to your_local_ip:3128

I used:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
--to-port 3128

squid is running on the same linux box.

Thanks
Olaf

> First show me iptables -t nat -L -v

$ iptables -t nat -A PREROUTING -p tcp --dport 80 -s 192.168.1.0/24 -j
DNAT --to 192.168.1.2:3128
$ iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 1215 packets, 76069 bytes)
pkts bytes target prot opt in out source
destination
0 0 DNAT tcp -- any any 192.168.1.0/24
anywhere tcp dpt:www to:192.168.1.2:3128

Chain POSTROUTING (policy ACCEPT 6004 packets, 350K bytes)
pkts bytes target prot opt in out source
destination

Chain OUTPUT (policy ACCEPT 6004 packets, 350K bytes)
pkts bytes target prot opt in out source
destination


$ ifconfig eth0
eth0 Protokoll:Ethernet Hardware Adresse XX:XX:XX:XX:XX:XX
inet Adresse:192.168.1.2 Bcast:192.168.1.255
Maske:255.255.255.0
inet6 Adresse: fe80::220:edff:fe4e:1e99/64
Gültigkeitsbereich:Verbindung
UP BROADCAST RUNNING MULTICAST MTU:1320 Metric:1
RX packets:457641 errors:0 dropped:0 overruns:0 frame:0
TX packets:454469 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:1000
RX bytes:421959927 (402.4 MiB) TX bytes:224457018 (214.0 MiB)

googling for more, needed:

$ cat /proc/sys/net/ipv4/ip_forward
1

>>> For Squid-2.6 and Squid-3.0 you simply need to add the keyword
>>> transparent on the http_port that your proxy will receive the
>>> redirected requests on as the above directives are not necessary and in
>>> fact have been removed in those releases:
>>>
>>> http_port 3128 transparent

[...]


> First show me iptables -t nat -L -v
>
> Try do it iptables -t nat -A PREROUTING -p tcp --dport 80 -s
> your_local_net/class -j DNAT --to your_local_ip:3128

I added a log entry:

$ iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 1262 packets, 78841 bytes)
pkts bytes target prot opt in out source
destination
6 288 REDIRECT tcp -- any any anywhere
anywhere tcp dpt:www redir ports 3128
0 0 LOG tcp -- any any anywhere
anywhere tcp dpt:www LOG level warning prefix `[IPT TPROXY]'

Chain POSTROUTING (policy ACCEPT 18041 packets, 1092K bytes)
pkts bytes target prot opt in out source
destination

Chain OUTPUT (policy ACCEPT 17923 packets, 1087K bytes)
pkts bytes target prot opt in out source
destination

transparent proxy isn't working, no log entry in syslog/iptables.log or
squid/access.log

Anybody running a squid 2.6stable3 transparent proxy on linux?

anyway: squidclient www.debian.org is calling squid's log, of course ;-)

Thanks
Olaf

Olaf Petzold napisal(a):
> >>> For Squid-2.6 and Squid-3.0 you simply need to add the keyword
> >>> transparent on the http_port that your proxy will receive the
> >>> redirected requests on as the above directives are not necessary and in
> >>> fact have been removed in those releases:
> >>>
> >>> http_port 3128 transparent
>
> [...]
>
>
> > First show me iptables -t nat -L -v
> >
> > Try do it iptables -t nat -A PREROUTING -p tcp --dport 80 -s
> > your_local_net/class -j DNAT --to your_local_ip:3128
>
> I added a log entry:
>
> $ iptables -t nat -L -v
> Chain PREROUTING (policy ACCEPT 1262 packets, 78841 bytes)
> pkts bytes target prot opt in out source
> destination
> 6 288 REDIRECT tcp -- any any anywhere
> anywhere tcp dpt:www redir ports 3128
> 0 0 LOG tcp -- any any anywhere
> anywhere tcp dpt:www LOG level warning prefix `[IPT TPROXY]'
>
> Chain POSTROUTING (policy ACCEPT 18041 packets, 1092K bytes)
> pkts bytes target prot opt in out source
> destination
>
> Chain OUTPUT (policy ACCEPT 17923 packets, 1087K bytes)
> pkts bytes target prot opt in out source
> destination
>
> transparent proxy isn't working, no log entry in syslog/iptables.log or
> squid/access.log
>
> Anybody running a squid 2.6stable3 transparent proxy on linux?
>
> anyway: squidclient www.debian.org is calling squid's log, of course ;-)


for me working ok on this same configuration, hmm strange ... what u
have in logs ? access.log ?? error ? some ? try do tcpdump src host ip
where u test squid and paste what u have


Regards
--
A.B - http://www.dzialkinadmorzem.pl/
http://www.baugrundstuck.de
campingplätze in Polen
urlaub in polen
wetter polen
Ostsee Polen