Re: [squid-users] Fwd: Tproxy Squid 3.1

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 01 May 2012 11:05:04 +1200

On 01.05.2012 08:42, Daniel Echizen wrote:
> Hi,
> I'm facing a weird problem with tproxy for a few weeks; the problem is, all
> works fine except clients that are behind a TP-Link router and another
> one that I don't remember, but almost all TP-Link WR541G routers. If I
> remove
> the iptables mangle redirect rule, the client has traffic; enabled, not. I don't
> speak English very well, so I hope someone can understand and help
> me.. this is a server with 1000+ clients, and I'm getting very
> frustrated with this problem.
>
> my config:
>
> ip rule add fwmark 1 lookup 100
> ip route add local 0.0.0.0/0 dev lo table 100
>
> /sbin/iptables -v -t mangle -N DIVERT
> /sbin/iptables -v -t mangle -A DIVERT -j MARK --set-mark 1
> /sbin/iptables -v -t mangle -A DIVERT -j ACCEPT
> /sbin/iptables -v -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
> /sbin/iptables -v -t mangle -D PREROUTING -p tcp --dport 80 \
>                   -j TPROXY --tproxy-mark 0x1/0x1 --on-port 5128 2>&1
>
> /usr/local/sbin/ebtables -t broute -A BROUTING -i eth5 -p ipv4
> --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
> /usr/local/sbin/ebtables -t broute -A BROUTING -i eth3 -p ipv4
> --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP
>
> cd /proc/sys/net/bridge/
> for i in *
> do
> echo 0 > $i
> done
> unset i
>
> echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
> echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
>
> I have 2 interfaces in a bridge, as I said.. all working fine.. except
> with these TP-Link routers.
> I also got logging in iptables mangle, and there I can see traffic from the
> client router, but the traffic can't reach Squid;
> in access.log I can't get anything.
> I use a MikroTik as pppoe-server; my network is:
>
> router <-> squidbox <-> mikrotik <-> clients

With Squid inline on a bridge like this there should be *no* squid
related configuration outside the Squid box.

Is the tplink being used as "router" or "squidbox" in that diagram?

What kernel and iptables version is the squidbox? Some of the older
2.6.3x kernels have bridge+tproxy problems.

Amos
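The quoted configuration above, checked offline: an added example that is not from the thread, from Squid, or from Amos's reply. It takes text in the formats of `iptables-save -t mangle`, `ip rule show` and `ip route show table 100` (the three sample inputs are constructed for this example) and reports which pieces of the TPROXY path are absent: the DIVERT chain, the socket-match rule, the MARK/ACCEPT pair, the TPROXY rule with matching `--on-port` and `--tproxy-mark`, the fwmark rule selecting table 100, and the local default route in that table. As pasted, the TPROXY line in the quoted script uses `-D` (delete) where every other line uses `-A` (append), which would leave the mangle table without a TPROXY rule; the second constructed dump models exactly that state. Function names, regexes and sample dumps are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: offline sanity checks for the pieces a
# TPROXY-on-a-bridge setup needs. Inputs are plain text in the formats of
# `iptables-save -t mangle`, `ip rule show` and `ip route show table 100`;
# every sample below is constructed for this example.

# Constructed: mangle table as it should look after the quoted script runs
# with "-A" on the TPROXY line.
GOOD_DUMP='*mangle
:PREROUTING ACCEPT [0:0]
:DIVERT - [0:0]
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 5128 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
COMMIT'

# Constructed: the same table when the TPROXY rule was never appended
# ("iptables -D" deletes a rule rather than adding one).
BAD_DUMP='*mangle
:PREROUTING ACCEPT [0:0]
:DIVERT - [0:0]
-A PREROUTING -p tcp -m socket -j DIVERT
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
COMMIT'

# Constructed policy-routing state matching "ip rule add fwmark 1 lookup 100"
# and "ip route add local 0.0.0.0/0 dev lo table 100".
RULES='0:      from all lookup local
32765:  from all fwmark 0x1 lookup 100
32766:  from all lookup main
32767:  from all lookup default'
ROUTES='local default dev lo scope host'

# has_line DUMP REGEX: true if some line of the mangle table matches REGEX.
has_line() {
    printf '%s\n' "$1" | sed -n '/^\*mangle$/,/^COMMIT$/p' | grep -Eq -- "$2"
}

# check_tproxy_rules DUMP MARK PORT
# Prints one line per required piece and returns how many are missing
# (0 means the mangle table has everything the TPROXY path needs).
check_tproxy_rules() {
    dump=$1 mark=$2 port=$3 missing=0
    # Each spec is "REGEX;LABEL"; ';' is the separator because '|' is used in regexes.
    for spec in \
        "^:DIVERT ;DIVERT chain exists" \
        "^-A PREROUTING .*-m socket .*-j DIVERT;socket match sends established TPROXY flows to DIVERT" \
        "^-A DIVERT .*-j MARK --set-(x)?mark $mark/;DIVERT sets fwmark $mark" \
        "^-A DIVERT -j ACCEPT;DIVERT accepts after marking" \
        "^-A PREROUTING .*--dport 80 .*-j TPROXY .*--on-port $port( |$);TPROXY rule for port 80 to --on-port $port" \
        "^-A PREROUTING .*-j TPROXY .*--tproxy-mark $mark/;TPROXY rule carries mark $mark"
    do
        regex=${spec%%;*}
        label=${spec#*;}
        if has_line "$dump" "$regex"; then
            echo "ok      $label"
        else
            echo "MISSING $label"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# check_policy_routing RULES ROUTES MARK
# Returns how many policy-routing pieces are missing: the fwmark rule that
# selects table 100, and the "local" default route in that table that lets
# the kernel deliver foreign-addressed packets to the local TPROXY socket.
check_policy_routing() {
    rules=$1 routes=$2 mark=$3 missing=0
    if printf '%s\n' "$rules" | grep -Eq "fwmark $mark(/0x[0-9a-f]+)? lookup 100"; then
        echo "ok      ip rule: fwmark $mark -> table 100"
    else
        echo "MISSING ip rule: fwmark $mark -> table 100"; missing=$((missing + 1))
    fi
    if printf '%s\n' "$routes" | grep -Eq "^local (default|0\.0\.0\.0/0) dev lo"; then
        echo "ok      table 100: local default route via lo"
    else
        echo "MISSING table 100: local default route via lo"; missing=$((missing + 1))
    fi
    return "$missing"
}

# Demo on the constructed inputs.
echo "--- ruleset as intended"
check_tproxy_rules "$GOOD_DUMP" 0x1 5128 || echo "$? piece(s) missing"
echo "--- ruleset after '-D' instead of '-A' on the TPROXY line"
check_tproxy_rules "$BAD_DUMP" 0x1 5128 || echo "$? piece(s) missing"
echo "--- policy routing"
check_policy_routing "$RULES" "$ROUTES" 0x1 || echo "$? piece(s) missing"
```

On the Squid box itself the same functions can be fed live state, for example `check_tproxy_rules "$(iptables-save -t mangle)" 0x1 5128` and `check_policy_routing "$(ip rule show)" "$(ip route show table 100)" 0x1`; a clean result only confirms the netfilter and routing pieces are loaded, it says nothing about the kernel-version bridge+tproxy problems Amos asks about.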
Received on Mon Apr 30 2012 - 23:05:15 MDT

This archive was generated by hypermail 2.2.0 : Tue May 01 2012 - 12:00:05 MDT