[squid-users] Fwd: Tproxy Squid 3.1

From: Daniel Echizen <napala_at_gmail.com>
Date: Mon, 30 Apr 2012 17:42:01 -0300

Hi,
I've been facing a weird problem with tproxy for a few weeks. The problem is that
everything works fine except for clients that are behind a TP-Link router (and
another model that I don't remember), mostly TP-Link WR541G routers. If I remove
the iptables mangle redirect rule, the client has traffic; if I enable it, they
don't. I don't speak English very well, so I hope someone can understand and
help me. This is a server with 1000+ clients, and I'm getting very frustrated
with this problem.

my config:

ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

/sbin/iptables -v -t mangle -N DIVERT
/sbin/iptables -v -t mangle -A DIVERT -j MARK --set-mark 1
/sbin/iptables -v -t mangle -A DIVERT -j ACCEPT
/sbin/iptables -v -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
# -A (append) here, not -D (delete): the original line used -D, which would
# remove the TPROXY rule instead of installing it
/sbin/iptables -v -t mangle -A PREROUTING -p tcp --dport 80 \
                  -j TPROXY --tproxy-mark 0x1/0x1 --on-port 5128 2>&1

/usr/local/sbin/ebtables -t broute -A BROUTING -i eth5 -p ipv4 \
    --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
/usr/local/sbin/ebtables -t broute -A BROUTING -i eth3 -p ipv4 \
    --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP

# disable all bridge-netfilter hooks so bridged traffic is not filtered by
# iptables a second time
cd /proc/sys/net/bridge/
for i in *
do
    echo 0 > "$i"
done
unset i

echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_forward

I have 2 interfaces in a bridge and, as I said, everything works fine except
with these TP-Link routers. I also have a log rule in the iptables mangle table,
and there I can see traffic from the client's router, but the traffic can't
reach Squid; in access.log I don't get anything. I use a MikroTik as the
PPPoE server; my network is:

router <-> squidbox <-> mikrotik <-> clients

I hope someone can help!
Received on Mon Apr 30 2012 - 20:42:29 MDT
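An added example, not from the original post or from the Squid project: an offline sanity check for a TPROXY setup of the kind shown above. It verifies the three things that most often break a configuration like this, namely that the `-m socket -j DIVERT` rule precedes the TPROXY rule in PREROUTING, that the mark TPROXY sets is the fwmark the `ip rule` looks up, and that `rp_filter` is off on `lo` and `all` while forwarding is on. Rather than touching the live firewall, it reads an `iptables-save`-style dump and a directory laid out like `/proc/sys/net`; both are constructed sample inputs written by the script itself, so it runs without root on any box.

```shell
#!/bin/sh
# Added example (not the poster's or Squid's code). Offline checks for a
# TPROXY + bridge configuration. All inputs below are constructed samples.

# Constructed sample of `iptables-save -t mangle` output for the posted
# rules, with the TPROXY rule appended (-A) rather than deleted (-D).
write_sample_rules() {
    cat > "$1" <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
:DIVERT - [0:0]
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 5128 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
COMMIT
EOF
}

# Constructed sysctl tree mirroring the values the posted script sets.
write_sample_sysctl() {
    mkdir -p "$1/ipv4/conf/lo" "$1/ipv4/conf/all"
    echo 0 > "$1/ipv4/conf/lo/rp_filter"
    echo 0 > "$1/ipv4/conf/all/rp_filter"
    echo 1 > "$1/ipv4/ip_forward"
}

# The `-m socket -j DIVERT` rule must sit before the TPROXY rule in
# PREROUTING: packets belonging to a connection Squid already accepted are
# then handed to the existing socket instead of being TPROXYed again.
# Succeeds (exit 0) when both rules exist and the order is right.
check_rule_order() {
    divert=$(grep -n -- '-A PREROUTING .*-m socket -j DIVERT' "$1" | cut -d: -f1 | head -n1)
    tproxy=$(grep -n -- '-A PREROUTING .*-j TPROXY' "$1" | cut -d: -f1 | head -n1)
    [ -n "$divert" ] && [ -n "$tproxy" ] && [ "$divert" -lt "$tproxy" ]
}

# The mark TPROXY sets (--tproxy-mark VALUE/MASK) must equal the fwmark the
# policy rule matches (`ip rule add fwmark 1 lookup 100`), or marked packets
# never reach table 100 and the local route on lo. $2 is the expected mark
# as it appears in the rule, e.g. 0x1.
check_tproxy_mark() {
    mark=$(sed -n 's/.*--tproxy-mark \(0x[0-9a-f]*\)\/.*/\1/p' "$1" | head -n1)
    [ -n "$mark" ] && [ "$mark" = "$2" ]
}

# rp_filter must be 0 on lo and all (the client addresses TPROXY routes over
# lo would otherwise fail the reverse-path test) and ip_forward must be 1.
# $1 is the root of a /proc/sys/net-like tree.
check_sysctl() {
    [ "$(cat "$1/ipv4/conf/lo/rp_filter")" = 0 ] &&
    [ "$(cat "$1/ipv4/conf/all/rp_filter")" = 0 ] &&
    [ "$(cat "$1/ipv4/ip_forward")" = 1 ]
}

# Usage on the constructed samples; on a real box you would feed it
# `iptables-save -t mangle > mangle.rules` and /proc/sys/net instead.
tmp=$(mktemp -d)
write_sample_rules "$tmp/mangle.rules"
write_sample_sysctl "$tmp/sys"
check_rule_order "$tmp/mangle.rules" && echo "ok: socket/DIVERT rule precedes TPROXY"
check_tproxy_mark "$tmp/mangle.rules" 0x1 && echo "ok: TPROXY mark matches ip rule fwmark"
check_sysctl "$tmp/sys" && echo "ok: rp_filter off on lo/all, ip_forward on"
rm -rf "$tmp"
```

Each check returns a plain exit status, so the functions can be dropped into a cron job or a start-up script that refuses to bring the bridge up when a rule is missing or out of order, which is exactly the kind of silent misordering that shows up as "packets visible in the mangle LOG but nothing in access.log".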

This archive was generated by hypermail 2.2.0 : Tue May 01 2012 - 12:00:05 MDT