Re: [squid-users] Tproxy iptables rules issue

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 24 Sep 2008 16:42:12 +1200 (NZST)

> Did you ever get this going? I have successfully set up a
> squid2.6/tproxy/iptables server, and I have successfully set up a
> squid2.6/wccp server and now I'm trying to combine both of them, but I
> think the iptables commands I'm trying are wrong. Do you have any
> suggestions?

Squid 2.6 does not have Tproxy v4.1+ support. Nick was testing a 3-HEAD
Squid server.

We just got it going yesterday :-) the patch to Squid-3 is in HEAD now.
Though a few alterations to the kernel side of TPROXY were also needed,
which may not have been added to the Balabit side quite yet.

The How-to about kernel patching is still awaiting a few adjustments due
in shortly.

Amos

>
> Thanks,
> Dan.
>
> On Fri, May 30, 2008 at 3:58 PM, Ritter, Nicholas
> <Nicholas.Ritter_at_americantv.com> wrote:
>> What exactly do the redirection rules for wccp/iptables 1.4/squid
>> 2.6/tproxy look like? I have browsed the Internet plus messed with it
>> for a while now and found that the README rules don't fully work, and
>> the examples on the Internet don't fully work.
>>
>> Symptomatically, I see the router redirecting via the GRE tunnel, the
>> squid box sees the gre packets (2.6 kernel), but ifconfig does not show
>> the GRE interface counters incrementing, and the squid service run in
>> debug mode shows no transactions. Something is wrong with either my
>> iptables rules or my GRE tunnel setup. I don't think it is the GRE
>> tunnel because I set it up the same exact way as I did the non-tproxy
>> squid boxes that I have in the same setup which are working.
>>
>> Any help would be appreciated. I can provide my rule setup, etc. if
>> needed. My knowledge and direct interaction is limited with iptables,
>> which is one more reason why I think the problem is there. BTW - my
>> system log does show the tproxy module loading.
>>
>> Nick
>>
>
Received on Wed Sep 24 2008 - 04:42:20 MDT
