Re: [squid-users] TPROXY Routing

From: Kurt Sandstrom <sandmanaz_at_gmail.com>
Date: Wed, 31 Mar 2010 16:53:52 -0700

I have the following in startup....

ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

The output of ip route show table 100: local default dev lo scope host

One other thing is strange, my PREROUTING rules in mangle don't load
in my script. I have to manually add them. Timing issue perhaps?

Startup script loaded from rc.local:

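# Disable reverse-path filtering on lo and enable IPv4 forwarding
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_forward
# DIVERT chain: mark packets that match an existing local socket
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
# Send port-80 traffic to the TPROXY listener on port 3129
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY \
  --tproxy-mark 0x1/0x1 --on-port 3129
# Bridge: pass port-80 traffic up to the routing layer instead of bridging it
ebtables -t broute -A BROUTING -i eth1 -p ipv4 --ip-proto tcp \
  --ip-dport 80 -j redirect --redirect-target DROP
ebtables -t broute -A BROUTING -i eth0 -p ipv4 --ip-proto tcp \
  --ip-sport 80 -j redirect --redirect-target DROP
# Set every sysctl under /proc/sys/net/bridge to 0
cd /proc/sys/net/bridge/
for i in *
do
  echo 0 > "$i"
done
unset i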

ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

2010/3/31 Henrik Nordström <henrik_at_henriknordstrom.net>:
> On Wed 2010-03-31 at 09:47 -0700, Kurt Sandstrom wrote:
>> I have been unable to get TPROXY working correctly with squid. I have
>> used the steps in http://wiki.squid-cache.org/Features/Tproxy4 and
>> rechecked everything.
>>
>
> I did not see your routing setup in the data you dumped. Without the
> routing configured, TPROXY won't intercept, just route like normal.
>
> http://wiki.squid-cache.org/Features/Tproxy4#Routing_configuration
>
> Regards
> Henrik
>
>
Received on Wed Mar 31 2010 - 23:54:01 MDT
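
Added example, not part of the original thread: a shell check over captured output of `ip rule show`, `ip route show table 100` and `iptables -t mangle -S PREROUTING` that reports which piece of the TPROXY setup from the script above is missing, such as PREROUTING rules that did not load at boot. The sample captures are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: each has_* helper reads captured text on stdin and
# returns 0 when the piece it looks for is present.

has_fwmark_rule() {   # input: `ip rule show`
    grep -Eq 'fwmark 0x1 lookup 100( |$)'
}

has_local_route() {   # input: `ip route show table 100`
    grep -Eq '^local default dev lo( |$)'
}

has_tproxy_rules() {  # input: `iptables -t mangle -S PREROUTING`
    # Both rules must exist, with the socket/DIVERT rule listed before the
    # TPROXY rule (the order used in the startup script above).
    awk '
        /-m socket/ && /-j DIVERT/ && !d { d = NR }
        /-j TPROXY/ && /--on-port 3129/ && /--tproxy-mark 0x1\/0x1/ && !t { t = NR }
        END { exit !(d && t && d < t) }'
}

# Prints one line per missing piece; exit status is the number of missing pieces.
tproxy_report() {     # $1 rules, $2 table-100 routes, $3 mangle PREROUTING rules
    missing=0
    printf '%s\n' "$1" | has_fwmark_rule ||
        { echo "missing: ip rule fwmark 1 lookup 100"; missing=$((missing + 1)); }
    printf '%s\n' "$2" | has_local_route ||
        { echo "missing: local default route on lo in table 100"; missing=$((missing + 1)); }
    printf '%s\n' "$3" | has_tproxy_rules ||
        { echo "missing: mangle PREROUTING DIVERT/TPROXY rules"; missing=$((missing + 1)); }
    return "$missing"
}

# Constructed sample captures (not taken from the poster's machine).
RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main'
ROUTES='local default dev lo scope host'
MANGLE_OK='-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1'
MANGLE_AFTER_BOOT='-P PREROUTING ACCEPT'   # rules that never loaded

# Routing is in place but the mangle rules are absent, as reported in the post.
tproxy_report "$RULES" "$ROUTES" "$MANGLE_AFTER_BOOT" || echo "pieces missing: $?"

# On a live system (as root):
# tproxy_report "$(ip rule show)" "$(ip route show table 100)" \
#               "$(iptables -t mangle -S PREROUTING)"
```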
