1

EDIT START

To clarify what I need an answer to:

  1. What is different in Squid v3.1 vs v3.0?
  2. Why does the above difference not work with ProxyChains?
  3. What changes do I need to make to Squid 3.1 to make it work with ProxyChains (compilation options, config options, etc.)?

EDIT STOP

Box: Fedora 11 x86_64

Due to a needed feature I upgraded from Squid 3.0 to Squid 3.1 and now proxychains does not seem to work anymore with Squid. proxychains still works fine with any other application.

With 3.0 I start Squid like this:

# proxychains squid -X -N

and all of Squid's traffic is sent out through proxychains' pre-defined proxy list.

With Squid 3.1 this does not work and all traffic is routed as normal (as if proxychains was not being invoked). The normal proxychains connections log is not displayed either, showing that proxychains does not seem to receive any requests at all from Squid to forward its traffic.

Going through the release notes of 3.1, I do not see anything specific that would stop proxychains working with it.

mr-euro

3 Answers

2

As a possible Rube Goldberg workaround, can't squid be configured to use a proxy itself? If so, and you want the various smart features of proxychains, you could run some other no-op proxy that works under proxychains. Maybe even an earlier version of squid installed in an alternate path and configured to do nothing:

squid-3.1 --> squid-3.0-noop --> proxychains

I.e. invoke proxychains /path/to/squid-3.0/bin/squid (with squid-3.0 configured to proxy requests unmodified and listen on, say, port 12345), and then invoke squid-3.1 normally, but configure it to route all requests through localhost:12345.

It's convoluted, but it gets you the 3.1 features plus the proxychains features, at least until/unless some wiser soul figures out how to get it working directly.

Walter Mundt
  • Not bad at all...! I had thought of using Squid's own chaining (cache_peer) option, but on a direct Squid to Squid only basis. Invoking the second Squid through ProxyChains is indeed a valid option. It does add some overhead but it could work out and I will try to test it later today. I tried to vote up your answer for now while I wait for another answer that solves this conundrum, but I spent all my reputation on the bounty. I will keep you updated, thank you! – mr-euro Oct 27 '09 at 18:19
  • voted up for being a very hackish, but clever solution :) – Sam Halicke Oct 27 '09 at 18:32
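The chained setup suggested in the answer above, written out as Squid configuration. This is an added example, not part of the original answer: the file path, the ACL name loopback_clients and the -N/-f invocation are assumptions, while port 12345 and the squid-3.0 path come from the answer.

```conf
# ---- File 1 (hypothetical path): /etc/squid-3.0-noop/squid.conf ----
# Inner instance, started under proxychains, e.g.:
#   proxychains /path/to/squid-3.0/bin/squid -N -f /etc/squid-3.0-noop/squid.conf

# Listen on loopback only, so the chained proxy is not reachable
# from the network and cannot be used as an open relay.
http_port 127.0.0.1:12345

# Accept requests only from the local outer Squid; refuse everything else.
# (loopback_clients is an ACL name chosen for this example.)
acl loopback_clients src 127.0.0.1/32
http_access allow loopback_clients
http_access deny !loopback_clients

# ---- File 2: squid.conf of the outer Squid 3.1, started normally ----

# Use the inner instance as the parent proxy.
# Fields: host, peer type, HTTP port, ICP port (0 = unused).
# no-query: do not send ICP queries to the peer.
# default:  use this peer when no other selection method applies.
cache_peer 127.0.0.1 parent 12345 0 no-query default

# Never contact origin servers directly. If the inner instance is down,
# requests fail with an error instead of silently bypassing the chain.
never_direct allow all
```

With never_direct in place the outer Squid fails closed, which is a quick way to confirm that no request leaves the box outside the proxychains path: stop the inner instance and requests should return an error rather than succeed.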
0

There is a way to make squid 5.7 work through proxychains correctly, at least for IPv4. You must build squid yourself though. First run

./configure && make

It will create the file "/src/cf_parser.cci", where you must change string 48 (for my system) from:

default_line("acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1/128 ::/128");

to:

default_line("acl to_localhost dst 127.0.0.0/8 0.0.0.0/32");

Then make install. If recompiling is not an option, binary patching of the squid executable works too. Just find the corresponding string "acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1/128 ::/128" in /usr/sbin/squid with a hex editor and replace the whole piece " ::1/128 ::/128" with zero bytes.

After that on debian it works with command like:

sudo proxychains /usr/sbin/squid -f "/etc/squid/squid.conf" -s -Y -C -N -ff proxy_instance1

-ff parameter is needed only if you run multiple instances of squid with different configs

0

Anything in the Squid logs or debugging output? If this doesn't uncover anything, please grab a copy of strace and paste the beginning portion(s) of the following somewhere:

strace -t -c -o strace.log proxychains squid -X -N

It should help us get a little more insight into what's going on, given the limited information.

Sam Halicke
  • Squid logs show nothing abnormal. Simply each hit/miss is displayed, but no errors or warnings. ProxyChains usually outputs to the console but nothing at all is displayed. Strace log of a few browser HTTP requests through Squid attached: http://pastebin.com/m3f92f567 – mr-euro Oct 25 '09 at 09:33
  • @serverninja do you need any other logs? – mr-euro Oct 26 '09 at 14:11
  • Actually, if you could use strace without the -c option (my mistake). I'm trying to find where it is hanging, perhaps a long series of poll() with no answer, errors on a read(), etc. – Sam Halicke Oct 26 '09 at 17:20
  • Thx serverninja. I had to remove the debug option (-X) of Squid as the strace.log was too big to paste into pastebin: http://pastebin.com/mb3ac15f – mr-euro Oct 27 '09 at 10:54