Re: [squid-users] Have anyone success to setup a tproxy mode squid on a bridge?

From: zulkarnain <sizulku_at_yahoo.com>
Date: Thu, 15 Jan 2009 19:25:16 -0800 (PST)

Hi,

I' running tproxy2 + squid-2.7stable5 as bridge and work good. I'm using only one rule as below:

iptables -t tproxy -A PREROUTING -i br0 -p tcp -m tcp --dport 80 -j TPROXY --on-port 3128

Rgds,
Zul

--- On Wed, 1/14/09, Benjamin Tan <tanbamboo_at_gmail.com> wrote:

> From: Benjamin Tan <tanbamboo_at_gmail.com>
> Subject: [squid-users] Have anyone success to setup a tproxy mode squid on a bridge?
> To: squid-users_at_squid-cache.org
> Date: Wednesday, January 14, 2009, 5:09 PM
> Dear Everyone,
>
> I have tried the tproxy, following the offical guild, but
> it seems that it not work on a bridge.
> My Network is like this: Client -> eth0 -> br0 ->
> eth1 -> WebServer
>
> The linux box using kernel 2.6.26, with
> tproxy4-2.6.26-200809262032.tar.bz2, and
> # dmesg|grep -i tproxy
> NF_TPROXY: Transparent proxy support initialized, version
> 4.1.0
> NF_TPROXY: Copyright (c) 2006-2007 BalaBit IT Ltd.
>
> Squid(3.1.0.3, configure with --enable-linux-netfilter) is
> running on:
> http_port 3128 tproxy
> and iptables(1.4.0 with
> tproxy-iptables-1.4.0-20080521-113954-1211362794.patch)
> rule:
> -A PREROUTING -p tcp -m socket -j DIVERT
> -A DIVERT -j MARK --set-mark 0x1
> -A DIVERT -j ACCEPT
> -A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY
> --on-port 3128 --tproxy-mark 0x1/0x1
> and ip rule and route:
> ip rule add fwmark 1 lookup 100
> ip route add local 0.0.0.0/0 dev lo table 100
>
> I have tried to find the reason for many days, but no one
> is work.
>
> Any advice or information is appreciated. Thank you.
>
> --
> Benjamin

      
Received on Fri Jan 16 2009 - 03:25:27 MST

This archive was generated by hypermail 2.2.0 : Fri Jan 16 2009 - 12:00:03 MST