[squid-users] Fwd: MultipleInstances port-redirecting problem

From: Artemis BRAJA <a.braja_at_primo.al>
Date: Wed, 10 Nov 2010 12:00:57 +0100

Hello,

I successfully started two squid instances with 2 different config-files
respectively listening on port 3128 and port 3129.
Squid is not configured as a transparent proxy.
I also successfully executed the sell script mentioned here
<http://wiki.squid-cache.org/MultipleInstances>, the only thing that I
changed was the destination port from 80 to 3130.
This port (3130) normally is used to configure clients proxy port
configurations.
The problem is that I'm unable to open any web-page.
It seem that no packets are passing through the chains.
Actually my /etc/sysconfig/iptables looks like this:
/# Generated by iptables-save v1.4.7 on Wed Nov 10 11:48:23 2010
*mangle
:PREROUTING ACCEPT [13:1014]
:INPUT ACCEPT [135:10622]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [76:10400]
:POSTROUTING ACCEPT [76:10400]
:DIVERT - [0:0]
:extrachain - [0:0]
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 3130 -m conntrack --ctstate NEW -j
extrachain
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3130 -m connmark --mark 0x0
-j TPROXY --on-port 3128 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3130 -m connmark --mark 0x1
-j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
-A extrachain -m statistic --mode nth --every 2 -j CONNMARK --set-xmark
0x0/0xffffffff
-A extrachain -m statistic --mode nth --every 2 --packet 1 -j CONNMARK
--set-xmark 0x1/0xffffffff
COMMIT
# Completed on Wed Nov 10 11:48:23 2010
# Generated by iptables-save v1.4.7 on Wed Nov 10 11:48:23 2010
*filter
:INPUT ACCEPT [8435:541409]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5439:343824]
-A INPUT -j LOG --log-level 7
COMMIT
# Completed on Wed Nov 10 11:48:23 2010
/
Regards
Artemis

-- 
Artemis Braja | System Administrator
T +355 4 4400123 |  F +355 4 225 11 33
M +355 67 40 40 202 |www.primo.al <http://www.primo.al>
Rr. Donika Kastrioti #4|  Tirana, Albania
Received on Wed Nov 10 2010 - 11:01:05 MST

This archive was generated by hypermail 2.2.0 : Wed Nov 10 2010 - 12:00:03 MST