Возникла необходимость построить связку squid(acl/rejik) -> havp/clamav -> squid(cache), ну и плюс sarg для отчетов.
Все настроил до работоспособного состояния, но возникла проблема с прозрачностью. Как только выставляю transparent в настройках и делаю проброс на фаерволе, получаю ответ от сквида:
The requested URL could not be retrieved
...
The following error was encountered: * Invalid Request
Some aspect of the HTTP Request is invalid. Possible problems:
...
В чем я не прав, и работает ли вообще вся эта связка в прозрачном (transparent) режиме?
ОС Ubuntu 8.04
Конфиги.
squid.conf
# Single Squid instance used twice in the chain: clients -> Squid:3128 (ACLs,
# rejik redirector) -> HAVP:8081 -> Squid:3129 -> origin servers.
# User and group Squid runs as.
cache_effective_user proxy
cache_effective_group proxy
#proxy setting
# 3128 takes client traffic; 3129 takes the requests HAVP sends back
# (havp.conf PARENTPORT 3129).
# NOTE(review): no "transparent" option appears on either port in this listing;
# the post says it is added when testing. Intercepted requests are only accepted
# on a port carrying that option, so confirm it sits on the port the firewall
# redirects to (presumably 3128) and not on 3129, and that the redirect rule
# does not also catch the proxy host's own outbound traffic.
# NOTE(review): both ports listen on every interface. 3129 is only meant for
# the local HAVP, so binding it as 127.0.0.1:3129 would be tighter.
http_port 3128
http_port 3129
# myport matches the local port a request arrived on; this is how the rules
# below tell client traffic from HAVP's return traffic.
# from_client is defined but not referenced by any rule in this listing.
acl from_client myport 3128
acl from_havp myport 3129
#Logging
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
# Value presumably redacted by the poster.
visible_hostname ***
#defining access lists
# "all" matches any IPv4 source; localnet is the 192.168.0.0/24 LAN.
acl all src 0.0.0.0/0.0.0.0
acl localnet src 192.168.0.0/24
acl localhost src 127.0.0.1/255.255.255.255
#acl localhost src 127.0.0.2/255.255.255.255
acl to_localhost dst 127.0.0.0/8
# Ports CONNECT tunnels may target.
# NOTE(review): 873 (rsync) here lets clients open raw tunnels to that port;
# confirm this is needed, otherwise keep SSL_ports to 443 only.
acl SSL_ports port 443 #https
#acl SSL_ports port 563 #snews
acl SSL_ports port 873 #rsync
# Destination ports any request may target.
acl Safe_ports port 80 #http
acl Safe_ports port 21 #ftp
# NOTE(review): 433 looks like a typo for 443. As written, 443 is not in
# Safe_ports, so "http_access deny !Safe_ports" below refuses requests to
# port 443 (including CONNECT) before the SSL_ports rule is reached.
acl Safe_ports port 433 #https
acl Safe_ports port 70 #gopher
acl Safe_ports port 210 #wais
acl Safe_ports port 1025-65534 #unregistered ports
acl Safe_ports port 280 #http-mgmt
#acl Safe_ports port 488 #gss-http
#acl Safe_ports port 591 #filemaker
#acl Safe_ports port 777 #multiling http
acl Safe_ports port 631 #cups
acl Safe_ports port 873 #rsync
#acl Safe_ports port 901 #SWAT
acl CONNECT method CONNECT
#Cache manager
acl manager proto cache_object
#allow cache_manager only to local
http_access allow manager localhost
http_access deny manager
# http_access rules are evaluated top to bottom and the first match decides.
# Refuse any destination port that is not listed in Safe_ports.
http_access deny !Safe_ports
#Deny connect other then ssl ports
http_access deny CONNECT !SSL_ports
# HAVP on 127.0.0.1:8081 (havp.conf PORT 8081) is the parent for this instance.
# no-query / no-digest / no-netdb-exchange switch off ICP queries, cache digests
# and netdb exchange with it; "default" marks it as the fallback parent.
# NOTE(review): no never_direct rule appears in this listing, so Squid may still
# fetch some requests straight from the origin and skip the HAVP scan - confirm.
cache_peer 127.0.0.1 parent 8081 0 no-query no-digest no-netdb-exchange default
#No SSL to HAVP
# CONNECT tunnels therefore bypass HAVP and are not virus-scanned.
cache_peer_access 127.0.0.1 deny CONNECT
# Requests that came back from HAVP on 3129 must not be handed to HAVP again,
# otherwise they would loop.
cache_peer_access 127.0.0.1 deny from_havp
cache_peer_access 127.0.0.1 allow all
# Port 3129 is usable from localhost only; anything else arriving there is refused.
http_access allow from_havp localhost
http_access deny from_havp all
http_access allow localhost
http_access allow localnet
#Deny all other access
http_access deny all
http_reply_access allow all
# NOTE(review): this permits ICP queries from any source if the ICP port is
# enabled. No sibling caches are configured in this listing, so
# "icp_access deny all" is presumably the safer setting - confirm.
icp_access allow all
# NOTE(review): "no_cache deny all" stops this instance from caching anything,
# which also makes the two narrower rules above it redundant. With a single
# instance this means the squid(cache) stage stores nothing - confirm intended.
no_cache deny localhost
no_cache deny CONNECT
no_cache deny all
# rejik redirector used for URL filtering, with its own config file.
redirect_program /usr/local/rejik3/redirector /etc/rejik/redirector.conf
havp.conf
# HAVP forwards scanned requests to Squid on 127.0.0.1:3129, the port that
# squid.conf matches with the from_havp ACL.
PARENTPROXY 127.0.0.1
PARENTPORT 3129
# Port HAVP listens on; squid.conf points its cache_peer at 127.0.0.1:8081.
# NOTE(review): the rest of this file is elided. Confirm BIND_ADDRESS limits the
# listener to 127.0.0.1, so LAN clients cannot reach HAVP directly and skip
# Squid's ACLs and the redirector.
PORT 8081
...
Фаервол Firehol, нужные порты открыты.