RE: [squid-users] TPROXY but without bridging?

From: Sunin Thaveethamsavee <tsunin@dont-contact.us>
Date: Sat, 29 Mar 2008 09:27:38 +0700

I followed every step via this link
http://web.suffieldacademy.org/ils/netadmin/docs/software/squid/ and
everything works fine.

-----Original Message-----
From: admin@abp.pl [mailto:admin@abp.pl]
Sent: Saturday, March 29, 2008 4:04 AM
To: squid-users@squid-cache.org
Subject: [squid-users] TPROXY but without bridging?

Hello,

I'm using Squid Cache: Version 2.6.STABLE18

Is there a possibility to use it as a fully transparent proxy (with tproxy) but
without bridging interfaces?

My topology:

[router 0]---[Internet]
    |
    |
[===switch=======================]
    | | |
[squid] [ router a ][ router b ] .....

Clients are connected to routers a, b... On those routers I have DNAT
--to-destination squid:80

On the squid machine I have a 2.6.25-rc7 kernel and Squid with patches from
http://people.balabit.hu/panther/tproxy/.

And:
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY \
                  --tproxy-mark 0x1/0x1 --on-port 3128
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

squid.conf:
..
http_port 3128 transparent tproxy
tcp_outgoing_address [machine ip]
..

When I test this configuration, the web servers log connections from clients
on routers a, b... with the IP of the squid machine. So tproxy doesn't work.

Can I fix it?

PS. It's urgent for me, please help;)
Regards,
Tomasz
Received on Fri Mar 28 2008 - 20:28:35 MDT
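
The iptables TPROXY rule, the policy-routing entries and the squid.conf line quoted above are tied together by three values: the packet mark, the routing table number and the listening port. The following is an added example, not part of the original messages, that cross-checks those values in a saved copy of the commands; the sample input is constructed from the quoted commands, and the function names (after_word, to_num, check_tproxy) are hypothetical.

```shell
#!/bin/sh
# Added example: cross-check the values that tie a TPROXY setup together.
# SAMPLE_CFG is constructed from the commands quoted in the message above.
SAMPLE_CFG='iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3128
iptables -t mangle -A DIVERT -j MARK --set-mark 1
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
http_port 3128 transparent tproxy'

# after_word TEXT WORD: print the token following the first WORD in TEXT.
after_word() {
    printf '%s\n' "$1" |
        awk -v w="$2" '{ for (i = 1; i < NF; i++) if ($i == w) { print $(i + 1); exit } }'
}

# to_num VALUE: print a decimal or 0x-prefixed hex VALUE as decimal.
to_num() {
    case $1 in
        '' | *[!0-9a-fA-FxX]*) return 0 ;;
    esac
    printf '%d\n' "$1" 2>/dev/null || true
}

# check_tproxy TEXT: return 0 if marks, routing table and ports agree.
check_tproxy() {
    cfg=$1
    bad=0
    tmark=$(after_word "$cfg" --tproxy-mark)
    tmark=$(to_num "${tmark%%/*}")            # drop the /mask part
    fwmark=$(to_num "$(after_word "$cfg" fwmark)")
    lookup=$(after_word "$cfg" lookup)
    rtable=$(after_word "$(printf '%s\n' "$cfg" | grep '^ip route add local ')" table)
    onport=$(after_word "$cfg" --on-port)
    sport=$(after_word "$cfg" http_port)

    [ -n "$tmark" ] && [ "$tmark" = "$fwmark" ] ||
        { echo "FAIL: --tproxy-mark ($tmark) != ip rule fwmark ($fwmark)"; bad=1; }
    [ -n "$lookup" ] && [ "$lookup" = "$rtable" ] ||
        { echo "FAIL: ip rule lookup ($lookup) != local route table ($rtable)"; bad=1; }
    [ -n "$onport" ] && [ "$onport" = "$sport" ] ||
        { echo "FAIL: --on-port ($onport) != squid http_port ($sport)"; bad=1; }
    printf '%s\n' "$cfg" | grep -Eq '^http_port .*tproxy' ||
        { echo "FAIL: http_port line lacks the tproxy option"; bad=1; }

    [ "$bad" -ne 0 ] || echo "OK: mark, table and port values agree"
    return "$bad"
}

check_tproxy "$SAMPLE_CFG"
```

A pass here only shows that the values are mutually consistent; it does not inspect the kernel, the DNAT rules on the other routers, or the path the reply packets take.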
