What kernel/iptables/distro are you using?
I am getting this exact same problem and I copied the iptables rules
from my working TPROXY/SQUID setup and the only difference was the
kernel and iptables version.
I think there is some TPROXY breakage somewhere in the later kernels,
and/or iptables, and/or squid. I have been testing this with RHEL v6
kernel and iptables rpms with squid 3.1.14. I know the problem is
somewhere with iptables/kernel because a packet sniffer shows something
odd with the outgoing traffic from the squid software to the origin web
servers.
Nicholas
-----Original Message-----
From: User User [mailto:netwotkstudent_at_yahoo.com]
Sent: Saturday, August 20, 2011 10:16 AM
To: squid-users_at_squid-cache.org
Subject: [squid-users] Tproxy time
Hi,
I have a linux box which I installed Squid. I used steps from wiki links
(http://wiki.squid-cache.org/Features/Tproxy4) to compile kernel ,
iptables ,...
The box working normal on 3128 when I set manual proxy on client , but
for tproxy tranparnet mode I am getting timeout on client after some
minutes.
I am routing traffic from client to this box and try to catch the but
iptables (tproxy).I am seeing requests on access log too.
http_port 3128
http_port 3129 tproxy
ip rule add fwmark 1 lookup 100
ip -f inet route add local 0.0.0.0/0 dev eth0 table 100 iptables -t
mangle -N DIVERT iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT iptables -t mangle -A PREROUTING
-p tcp -m socket -j DIVERT iptables -t mangle -A PREROUTING -p tcp
--dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
thanks for your help.
Received on Sat Aug 20 2011 - 16:30:14 MDT
This archive was generated by hypermail 2.2.0 : Sat Aug 20 2011 - 12:00:02 MDT