[squid-users] TPROXY Routing

From: Kurt Sandstrom <sandmanaz_at_gmail.com>
Date: Wed, 31 Mar 2010 09:47:49 -0700

I have been unable to get TPROXY working correctly with squid. I have
used the steps in http://wiki.squid-cache.org/Features/Tproxy4 and
rechecked everything.

Versions:

Kernel 2.6.28-11-server (ubuntu)

Squid Cache: Version 3.1.1
configure options: '--build=x86_64-linux-gnu' '--prefix=/usr'
'--includedir=/include' '--mandir=/share/man' '--infodir=/share/info'
'--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=/lib/squid3'
'--disable-maintainer-mode' '--disable-dependency-tracking'
'--srcdir=.' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3'
'--mandir=/usr/share/man' '--with-cppunit-basedir=/usr'
'--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs'
'--enable-removal-policies=lru,heap' '--enable-delay-pools'
'--enable-cache-digests' '--enable-underscores'
'--enable-follow-x-forwarded-for' '--enable-auth=basic'
'--enable-external-acl-helpers=ip_user' '--with-filedescriptors=65536'
'--with-default-user=proxy' '--enable-epoll'
'--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu'
--with-squid=/home/mike/squid-3.1.1 --enable-ltdl-convenience

iptables v1.4.3

I can see HTTP traffic incrementing through my DIVERT and PREROUTING tables:

Chain PREROUTING (policy ACCEPT 166K packets, 41M bytes)
 pkts bytes target prot opt in out source destination
 2963 202K DIVERT tcp -- any any anywhere anywhere socket
 1684 85244 TPROXY tcp -- any any anywhere anywhere tcp dpt:www TPROXY redirect 0.0.0.0:3129 mark 0x1/0x1

Chain INPUT (policy ACCEPT 22640 packets, 1278K bytes)
 pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 23918 packets, 3770K bytes)
 pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 23918 packets, 3770K bytes)
 pkts bytes target prot opt in out source destination

Chain DIVERT (1 references)
 pkts bytes target prot opt in out source destination
 2963 202K MARK all -- any any anywhere anywhere MARK xset 0x1/0xffffffff
 2963 202K ACCEPT all -- any any anywhere anywhere

When I use -v -v, all the counters for errors are at 0.

Squidclient shows:

Connection information for squid:
        Number of clients accessing cache: 2
        Number of HTTP requests received: 7 (from squidclient access)

And my store isn't growing at all.

It seems squid is not getting the traffic from my iptables... any ideas??
Received on Wed Mar 31 2010 - 16:48:00 MDT
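
The listing in the message covers the netfilter half of a TPROXY setup (DIVERT marking packets 0x1, TPROXY redirecting to port 3129). The routing half is a policy rule that sends marked packets to a table holding a local default route via lo. The script below is an added example, not part of the original message or of the Squid wiki; it checks captured `ip rule show` and `ip route show table N` text for that pairing. Function names, the sample text and table number 100 are assumptions.

```shell
# Added example. SAMPLE_* are constructed inputs, not output from the post.
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main'
SAMPLE_TABLE='local default dev lo scope host'

# fwmark_table RULES MARK: print the routing table that `ip rule show` text
# RULES selects for packets carrying MARK (decimal or 0x hex); fail if none.
fwmark_table() {
    local want line mark table prev w
    want=$(( $2 ))
    while read -r line; do
        mark=; table=; prev=
        for w in $line; do
            case $prev in
                fwmark) mark=${w%%/*} ;;   # drop an optional /mask suffix
                lookup) table=$w ;;
            esac
            prev=$w
        done
        case $mark in
            0[xX]|0[xX]*[!0-9a-fA-F]*) continue ;;  # malformed hex
            0[xX]*) ;;                               # valid hex mark
            ''|*[!0-9]*) continue ;;                 # no mark on this rule
        esac
        if [ "$(( $mark ))" -eq "$want" ] && [ -n "$table" ]; then
            printf '%s\n' "$table"
            return 0
        fi
    done <<EOF
$1
EOF
    return 1
}

# has_local_default TABLE_TEXT: succeed if the table delivers every
# destination locally via lo, so the proxy can accept foreign-addressed packets.
has_local_default() {
    printf '%s\n' "$1" | grep -Eq '^local (default|0\.0\.0\.0/0) .*dev lo( |$)'
}

# diagnose RULES TABLE_TEXT MARK: print ok, no-fwmark-rule or no-local-route.
diagnose() {
    if ! fwmark_table "$1" "$3" >/dev/null; then echo no-fwmark-rule
    elif ! has_local_default "$2"; then echo no-local-route
    else echo ok; fi
}
```

On a live host the inputs would come from `ip rule show` and `ip route show table "$(fwmark_table "$(ip rule show)" 0x1)"`.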
