From owner-freebsd-questions@FreeBSD.ORG Mon Nov 26 09:39:08 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id D6ED09DA for ; Mon, 26 Nov 2012 09:39:08 +0000 (UTC) (envelope-from c.kworr@gmail.com) Received: from mail-ie0-f182.google.com (mail-ie0-f182.google.com [209.85.223.182]) by mx1.freebsd.org (Postfix) with ESMTP id 92B398FC0C for ; Mon, 26 Nov 2012 09:39:08 +0000 (UTC) Received: by mail-ie0-f182.google.com with SMTP id s9so11991207iec.13 for ; Mon, 26 Nov 2012 01:39:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=F8BBCmeu0zolhLhJ7bOXeiNPf3JR9bYrV4mZHjDIVb0=; b=Z93Imdg/QNyhsQmoTXhB+sBJOiPYs6pXIdXphj2su//SkXDSkznYTxvoevbhPAS9cS Q+SBxOnzd+NBEgMEtYvfpCJmdAhyEaMLik6NMyuhuTjwQTVN7iitIu/EgjLFAIXuh+BR pP6rQvAmO7YAjwEMUsj1SjETQH8VqGUeFyA/UqTUGFlJirvZ+RnLbmOPDiSqxDin5GjQ iCZtsjz1OvbpnGvWIUy07a6rg7yLRThP4LhXJFQ4RcH2OtQqFmLtCNi431EWirijPTy5 kyYMxK8SCmjjYkzXKNEX3YuPmZK9jJbplTGq/zcsm9/Kqe+C/Dw+c7bLj7y3ej3uZcY3 Jf0A== Received: by 10.50.160.165 with SMTP id xl5mr10620833igb.54.1353922742541; Mon, 26 Nov 2012 01:39:02 -0800 (PST) Received: from [192.168.1.132] (mau.donbass.com. [92.242.127.250]) by mx.google.com with ESMTPS id i10sm10443358igb.12.2012.11.26.01.39.00 (version=SSLv3 cipher=OTHER); Mon, 26 Nov 2012 01:39:01 -0800 (PST) Message-ID: <50B338B2.3090600@gmail.com> Date: Mon, 26 Nov 2012 11:38:58 +0200 From: Volodymyr Kostyrko User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:17.0) Gecko/17.0 Firefox/17.0 SeaMonkey/2.14 MIME-Version: 1.0 To: Leslie Jensen Subject: Re: Anyone using squid and pf? References: <50B0EA28.7060904@eskk.nu> In-Reply-To: <50B0EA28.7060904@eskk.nu> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd questions list X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Nov 2012 09:39:09 -0000 24.11.2012 17:39, Leslie Jensen: > > I've upgraded squid from 3.1 to 3.2. Starting squid 3.2 with the same > configuration file now gives me errors in cache.log when one tries to > access any site, and of course no access! > > 2012/11/24 16:24:56 kid1| WARNING: Forwarding loop detected for: > > Reverting back to 3.1 works. > > I know there are some changes in 3.2 that does this > > + 3.2 intercept port receiving forward-proxy requests will reject them > due to NAT failure/lies. > > + 3.2 Host header validation *will* reject if forward traffic is > validated as being intercepted. > > I would appreciate suggestions for changes to squid.conf so that squid > will work for me with version 3.2. When switching to 3.2 I had to split listening ports - one for transparency and one for the local machine. However this doesn't looks like your case. Can you please provide relevant parts of pf.conf and full log output, not just the first line? -- Sphinx of black quartz, judge my vow.