Unable to get Squid transparent proxy to accept traffic on its own



  • Hello,

    I have two CARP router setup's at two different office locations  Each CARP setup consists of 2 routers, each with a LAN, WAN and SYNC physical interface.  Both locations are running 2.1.4 and have the following packages installed and on the latest updated as of today:  Squid, HAVP, Snort, pfBlocker.  My issue on one router is with the Squid and HAVP packages.  At one office in the USA, everything appears to run just fine and does what is expected.  The Squid proxy is working in transparent mode and HAVP runs as the parent to SQUID.  I can test with EICAR and I receive a block page as expected and the access.log for squid shows traffic going through therefore its caching.

    However, with the same exact setup in another office (Netherlands) traffic refuses to go through the SQUID proxy then to HAVP.  Looking at access.log, nothing appears but the access and cache files in /var/squid/logs are created.

    I've tried navigating to http://routerIP:3128 and receive the following:

    **_ERROR
    The requested URL could not be retrieved

    While trying to process the request:

    GET / HTTP/1.1
    Host: 192.168.5.1:3128
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cookie: PHPSESSID=cb73d401520ddaaace63de28022973ed; cookie_test=1409842330
    Connection: keep-alive

    The following error was encountered:

    Invalid Request

    Some aspect of the HTTP Request is invalid. Possible problems:

    Missing or unknown request method
        Missing URL
        Missing HTTP Identifier (HTTP/1.0)
        Request is too large
        Content-Length missing for POST or PUT requests
        Illegal character in hostname; underscores are not allowed_**

    If I set my web browser to use the proxy 192.168.5.1:3128, the proxy works and HAVP blocks the EICAR test file.

    I have Squid setup identical to the USA office which is set to:

    Proxy Interface: LAN
    Allow Users: check
    Transparent Proxy: check

    I've tried adding my subnet to the ACL and that was not helping.

    When I navigate to http://RouterIP:3128 and get the above message, in the logs it shows:  TCP_DENIED/400 1881 GET NONE:// - NONE/- text/html

    I've also tried specifying google DNS servers in case something was wrong there but that didn't fix the issue either.

    Any ideas where to look or something to test would be appreciated.

    Thanks!


Log in to reply