Hi All,
I need some assistance regarding a Squid setup I have. Currently I have 1 server with squid installed, and 2 servers which are configured to send all outbound port 80 traffic to this squid server.
However I keep getting a TCP_MISS/503 when checking the access.log (squid). Here is my squid config:
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
acl pre_prod src 172.16.36.81 172.16.28.82
acl app_server src 172.16.28.27 172.16.28.28
acl youtube dstdomain .youtube.com

# Standard safety rules: no cache manager, only safe ports, CONNECT only to SSL ports
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Who may use the proxy: pre_prod for anything, app_server only for youtube
ssl_bump allow app_server youtube
http_access allow pre_prod
http_access allow app_server youtube
http_access deny all
ssl_bump deny all

hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid

# Listen on 3128 and do ssl-bump
http_port 3128 transparent ssl-bump cert=/etc/squid/sslbump.pem

# Don't cache / refresh anything
refresh_pattern . 0 0% 0
The iptables rule I have on the 2 other servers is:
-A OUTPUT ! -d 172.16.0.0/12 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.28.142:3128
The server with squid installed has a hardware firewall behind it, and before I ask the guy who handles that firewall if outbound traffic is restricted, I figured I would ask here.
I did some tcpdump analysis, and when I request content from the server which forwards requests to the squid server I can see communication happening back and forth (syn, syn+ack etc.), but when I request the content directly from the squid server I'm getting network errors...
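One check worth running before escalating to the firewall admin: Squid's native access.log carries a hierarchy/peer field after the ident column, and for a 503 that field says whether Squid actually selected an origin address and failed to connect (HIER_DIRECT/<ip>, which points at outbound filtering or routing from the proxy host) or never got that far (HIER_NONE/-, typically a DNS failure on the proxy host). The script below is an added example, not part of the original post or of Squid; it parses constructed sample lines in Squid's default native log format and buckets them by that distinction. The client addresses reuse the ACL members from the posted squid.conf, and the origin IPs and URLs are made up.

```python
import re
from collections import Counter

# Squid's native access.log format (the default when no logformat is configured):
#   %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt
# i.e. timestamp, elapsed ms, client IP, result/status, bytes, method, URL,
# ident, hierarchy/peer, MIME type.
NATIVE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<mime>\S+)$"
)

# Constructed sample lines (not taken from the poster's server). 172.16.28.27/28
# are the app_server ACL members and 172.16.36.81 is in pre_prod; 172.16.28.99
# matches no ACL, so the posted config denies it.
SAMPLE_LOG = [
    "1409123456.789    120 172.16.28.27 TCP_MISS/503 4123 GET http://example.com/ - HIER_DIRECT/93.184.216.34 text/html",
    "1409123460.123     60 172.16.28.28 TCP_MISS/503 4055 GET http://www.example.net/ - HIER_NONE/- text/html",
    "1409123470.456    210 172.16.36.81 TCP_MISS/200 5321 GET http://example.org/ - HIER_DIRECT/93.184.216.35 text/html",
    "1409123480.001      0 172.16.28.99 TCP_DENIED/403 3880 GET http://example.com/ - HIER_NONE/- text/html",
]


def parse_line(line):
    """Parse one native-format line into a dict, or return None if it doesn't match."""
    m = NATIVE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["elapsed"] = int(rec["elapsed"])
    return rec


def classify(rec):
    """Bucket a record by what Squid's result and hierarchy fields say happened."""
    if rec["result"] == "TCP_DENIED":
        return "denied"            # http_access rejected it; the request never left the proxy
    if rec["status"] == 503 and rec["hier"] == "HIER_DIRECT":
        return "direct_failures"   # Squid chose an origin IP and the outbound connection failed
    if rec["status"] == 503:
        return "no_peer_failures"  # 503 with no peer chosen, usually DNS failure on the proxy host
    if 200 <= rec["status"] < 400:
        return "served"
    return "other"


def diagnose(lines):
    """Return a Counter of bucket -> count over the given log lines."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            counts["unparsed"] += 1
            continue
        counts[classify(rec)] += 1
    return counts


def failing_destinations(lines):
    """Sorted (client, url, hier/peer) for every 503, to retry by hand from the proxy host."""
    out = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] == 503:
            out.append((rec["client"], rec["url"], rec["hier"] + "/" + rec["peer"]))
    return sorted(out)


if __name__ == "__main__":
    for bucket, n in sorted(diagnose(SAMPLE_LOG).items()):
        print(f"{bucket:18s} {n}")
    for client, url, via in failing_destinations(SAMPLE_LOG):
        print(f"503 for {client} -> {url} via {via}")
```

To run it against a real log, pass the file object instead of SAMPLE_LOG, e.g. `diagnose(open("/var/log/squid/access.log"))`. If the 503s land in direct_failures, try the same origin IP and port with curl or nc from the squid host itself; if that fails too, the outbound path from the proxy (the hardware firewall in the post) is the place to look. If they land in no_peer_failures, check name resolution on the squid host first, since in transparent mode Squid has to resolve the Host header itself. If your squid.conf sets a custom logformat, the regex above will not match and everything lands in unparsed.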