[squid-users] bridge + Squid + Tproxy

From: Mamadou Touré <e2ia.ci_at_gmail.com>
Date: Thu, 12 Aug 2010 11:36:17 +0000

Hi all,
I've implemented squid with tproxy on a linux bridge for transparent
proxy of my clients.
Internet-----router------squid(bridge)-----Router-------client

I've made this config:
+++++++++++++++++++++++++++++++++++++++++++++++
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT

iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT

iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY \
  --tproxy-mark 0x1/0x1 --on-port 3129

ebtables -t broute -A BROUTING -i $CLIENT_IFACE -p ipv4 --ip-proto tcp \
  --ip-dport 80 -j redirect --redirect-target DROP

cd /proc/sys/net/bridge/
 for i in *
 do
   echo 0 > $i
 done
 unset i
+++++++++++++++++++++++++++++++++++++++++++++++++++++

But my client cannot browse the internet.
In the access log I got a TCP_MISS/504 error.
Can someone help me?
Regards
Received on Thu Aug 12 2010 - 11:36:31 MDT
