# struggling with bridge transparent squid



## scyzxp (Dec 18, 2011)

My rc.conf:

```
defaultrouter="10.160.14.1"
#gateway_enable="YES"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm bge0 addm rl0 up"
ifconfig_bridge0_alias0="inet 10.160.14.19 netmask 255.255.255.192"
ifconfig_bge0="up"
ifconfig_rl0="up"
sshd_enable="YES"
webmin_enable="YES"
hostname="bridge"
```

My squid.conf: 

```
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32

#acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src 10.160.14.0/23

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localnet
http_access allow localhost

http_access allow all

hierarchy_stoplist cgi-bin ?
coredump_dir /var/squid/cache
visible_hostname bridge
unique_hostname test.bridge
follow_x_forwarded_for deny all
# custom
http_port 127.0.0.1:8080 intercept
cache_effective_user squid
cache_effective_group squid
```

My *squid -v*:

```
Squid Cache: Version 3.1.16
configure options:  '--with-default-user=squid' '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid'
 '--libexecdir=/usr/local/libexec/squid' '--localstatedir=/var/squid' '--sysconfdir=/usr/local/etc/squid' '--with-logdir=/var/log/squid'
 '--with-pidfile=/var/run/squid/squid.pid' '--enable-removal-policies=lru heap' '--disable-linux-netfilter' '--disable-linux-tproxy'
 '--disable-epoll' '--disable-translation' '--enable-auth=basic digest negotiate ntlm' '--enable-basic-auth-helpers=DB NCSA PAM MSNT SMB
 squid_radius_auth YP' '--enable-digest-auth-helpers=password' '--enable-external-acl-helpers=ip_user session unix_group wbinfo_group'
 '--enable-ntlm-auth-helpers=smb_lm' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-storeio=ufs diskd aufs' '--enable-disk-io=AIO
 Blocking DiskDaemon DiskThreads' '--enable-delay-pools' '--enable-ssl' '--with-openssl=/usr' '--enable-icmp' '--enable-forw-via-db'
 '--enable-pf-transparent' '--disable-ecap' '--disable-loadable-modules' '--enable-kqueue' '--with-large-files' '--disable-optimizations'
 '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=i386-portbld-freebsd8.2' 'build_alias=i386-portbld-
 freebsd8.2' 'CC=cc' 'CFLAGS=-pipe  -I/usr/include -g' 'LDFLAGS= -rpath=/usr/lib:/usr/local/lib -L/usr/lib' 'CPPFLAGS=' 'CXX=c++'
 'CXXFLAGS=-pipe -I/usr/include -g' 'CPP=cpp' --with-squid=/usr/ports/www/squid31/work/squid-3.1.16 --enable-ltdl-convenience
```


My pf.conf:

```
ext_if="bge0"
int_if="rl0"
bride="bridge0"

rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 8080

pass in quick on $int_if route-to lo0 inet proto tcp from any to 127.0.0.1 port 8080 keep state
```

My squid log: 
cache.log

```
2011/12/18 12:09:26| WARNING: Forwarding loop detected for:
GET /Artwork/SN.png HTTP/1.1
Accept: */*
Referer: http://msn.allyes.com/main/adfshow?user=MSN|Messenger|IMSCHI_CNZHS_MESGRMAINWIND_BAN234X60_I3_others&db=msn&border=0&local=yes
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; CIBA; Windows Live Messenger 14.0.8117.0416)
Host: www.squid-cache.org
Via: 1.1 test.bridge (squid/3.1.16)
X-Forwarded-For: 10.160.14.247
Cache-Control: max-age=259200
Connection: keep-alive
```

access.log


```
1324181366.084      0 10.160.14.19 TCP_MISS/403 4032 GET http://www.squid-cache.org/Artwork/SN.png - NONE/- text/html
1324181366.084      1 10.160.14.247 TCP_MISS/403 4091 GET http://www.squid-cache.org/Artwork/SN.png - DIRECT/209.169.10.131 text/html
```
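The two access.log lines above show the pattern that accompanies the cache.log warning: the same URL is logged once from the client and once from the bridge's own address (10.160.14.19 in rc.conf) with `NONE/-` and a 403. The following is an added example, not part of the original post, that flags such pairs in a Squid native-format access.log; the function names, the one-second window and the third sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Squid native access.log layout:
# time elapsed client code/status bytes method URL user hierarchy/peer type
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>\w+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<user>\S+)\s+(?P<hier>\w+)/(?P<peer>\S+)\s+(?P<mime>\S+)"
)

def parse(line):
    """Return the fields of one access.log line as a dict, or None if malformed."""
    m = LINE.match(line.strip())
    return m.groupdict() if m else None

def find_loops(lines, proxy_ips, window=1.0):
    """Pair each client request with a 403 NONE/- entry for the same method and
    URL whose source address is one of the proxy's own addresses."""
    by_request = defaultdict(list)
    for entry in filter(None, map(parse, lines)):
        by_request[(entry["method"], entry["url"])].append(entry)
    pairs = []
    for group in by_request.values():
        looped = [e for e in group if e["client"] in proxy_ips
                  and e["status"] == "403" and e["hier"] == "NONE"]
        clients = [e for e in group if e["client"] not in proxy_ips]
        for back in looped:
            for cli in clients:
                if abs(float(cli["ts"]) - float(back["ts"])) <= window:
                    pairs.append((cli, back))
    return pairs

# First two lines are the ones posted above; the third is constructed
# sample traffic that should not be flagged.
SAMPLE = [
    "1324181366.084      0 10.160.14.19 TCP_MISS/403 4032 GET http://www.squid-cache.org/Artwork/SN.png - NONE/- text/html",
    "1324181366.084      1 10.160.14.247 TCP_MISS/403 4091 GET http://www.squid-cache.org/Artwork/SN.png - DIRECT/209.169.10.131 text/html",
    "1324181370.512     85 10.160.14.250 TCP_MISS/200 1520 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html",
]

if __name__ == "__main__":
    for cli, back in find_loops(SAMPLE, {"10.160.14.19"}):
        print(f"{cli['client']} -> {cli['url']} came back from {back['client']} "
              f"({back['hier']}/{back['peer']}, {back['status']})")
```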


----------



## jpierri (Nov 13, 2012)

Did you ever find what was wrong?

My setup is nearly the same as yours, except that I'm using FreeBSD 9.0 and Squid 3.2.3 from ports, and all I get is that same TCP_MISS/403 for intercepted traffic. Regular traffic passes without any glitches.

My squid.conf differs only in:


```
http_port 3129 intercept
http_port 3128
```


----------

