Unable to get Squid transparent proxy to accept traffic on its own
I have two CARP router setup's at two different office locations Each CARP setup consists of 2 routers, each with a LAN, WAN and SYNC physical interface. Both locations are running 2.1.4 and have the following packages installed and on the latest updated as of today: Squid, HAVP, Snort, pfBlocker. My issue on one router is with the Squid and HAVP packages. At one office in the USA, everything appears to run just fine and does what is expected. The Squid proxy is working in transparent mode and HAVP runs as the parent to SQUID. I can test with EICAR and I receive a block page as expected and the access.log for squid shows traffic going through therefore its caching.
However, with the same exact setup in another office (Netherlands) traffic refuses to go through the SQUID proxy then to HAVP. Looking at access.log, nothing appears but the access and cache files in /var/squid/logs are created.
I've tried navigating to http://routerIP:3128 and receive the following:
The requested URL could not be retrieved
While trying to process the request:
GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=cb73d401520ddaaace63de28022973ed; cookie_test=1409842330
The following error was encountered:
Some aspect of the HTTP Request is invalid. Possible problems:
Missing or unknown request method
Missing HTTP Identifier (HTTP/1.0)
Request is too large
Content-Length missing for POST or PUT requests
Illegal character in hostname; underscores are not allowed_**
If I set my web browser to use the proxy 192.168.5.1:3128, the proxy works and HAVP blocks the EICAR test file.
I have Squid setup identical to the USA office which is set to:
Proxy Interface: LAN
Allow Users: check
Transparent Proxy: check
I've tried adding my subnet to the ACL and that was not helping.
When I navigate to http://RouterIP:3128 and get the above message, in the logs it shows: TCP_DENIED/400 1881 GET NONE:// - NONE/- text/html
I've also tried specifying google DNS servers in case something was wrong there but that didn't fix the issue either.
Any ideas where to look or something to test would be appreciated.