Re: [squid-users] Tproxy 3.1 problem

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Wed, 02 May 2012 22:06:18 +0300

On 02/05/2012 19:08, Daniel Echizen wrote:
For how many clients are you having the problem?

What Linux distribution are you using for the proxy? I remember that I had a
similar problem with tproxy (not TP-Link specific) on CentOS and Fedora.

Is there a specific reason for the "2>&1" in the tproxy mark rule?
Is port 5128 the port for tproxy?

Are there any other routing tables on the machine?

Have you tried connecting a machine directly to the squidbox switch and
using it as the default gateway?

Eliezer

> Hi,
> I'm facing a weird problem with tproxy for a few weeks. The problem is, all
> works fine except clients that are behind a TP-Link router and another
> one that I don't remember, but almost all TP-Link WR541G routers. If I remove
> the iptables mangle redirect rule, the client has traffic; with it enabled, not.
> I don't speak English very well, so I hope someone can understand and help
> me. This is a server with 1000+ clients, and I'm getting very
> frustrated with this problem.
>
> my config:
>
> ip rule add fwmark 1 lookup 100
> ip route add local 0.0.0.0/0 dev lo table 100
>
> /sbin/iptables -v -t mangle -N DIVERT
> /sbin/iptables -v -t mangle -A DIVERT -j MARK --set-mark 1
> /sbin/iptables -v -t mangle -A DIVERT -j ACCEPT
> /sbin/iptables -v -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
> /sbin/iptables -v -t mangle -D PREROUTING -p tcp --dport 80 \
> -j TPROXY --tproxy-mark 0x1/0x1 --on-port 5128 2>&1
>
> /usr/local/sbin/ebtables -t broute -A BROUTING -i eth5 -p ipv4
> --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
> /usr/local/sbin/ebtables -t broute -A BROUTING -i eth3 -p ipv4
> --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP
>
> cd /proc/sys/net/bridge/
> for i in *
> do
> echo 0 > $i
> done
> unset i
>
> echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
> echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
>
> I have 2 interfaces in a bridge, as I said; all working fine except
> with these TP-Link routers.
> I also have logging in iptables mangle, and there I can see traffic from the
> client router, but the traffic can't reach Squid;
> in access.log I can't get anything.
> I use a MikroTik as PPPoE server; my network is:
>
> router<-> squidbox<-> mikrotik<-> clients
>
> With Squid inline on a bridge like this there should be *no* squid
> related configuration outside the Squid box.
>
> Is the tplink being used as "router" or "squidbox" in that diagram?
>
> What kernel and iptables version is the squidbox? Some of the older
> 2.6.3x kernels have bridge+tproxy problems.
>
>
> Amos
>
> I got some more info: the connection from the client TP-Link doesn't answer
> the SYN, ACK in tshark. I can see syn -> | ack<- | syn, ack ->, but the
> final ACK from the client doesn't come.
> I upgraded the kernel to 3.3.4 and iptables to 1.4.13; all works fine
> except the problem with the TP-Link wireless router.

-- 
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
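As an added example (not the poster's script and not Squid's own code), the TPROXY-on-a-bridge setup from the thread as a script that prints its commands by default and only executes them when run as root with --apply. It assumes Squid is listening with "http_port 5128 tproxy", that eth5 faces the clients and eth3 faces upstream as in the post, and that the bridge-nf sysctl exists on the box; it appends the TPROXY rule with -A, where the posted script has -D (delete), which removes a rule instead of installing it.

```shell
#!/bin/sh
# Added example, not the script posted in the thread: TPROXY + bridge setup
# for Squid 3.1 assembled from the rules discussed above, dry-run by default.
# Assumptions: Squid listens with "http_port 5128 tproxy"; eth5 faces the
# clients and eth3 faces upstream (as in the post); bridge-nf sysctls exist.
# Run as root with --apply to execute; otherwise the commands are printed.
set -eu

TPROXY_PORT="${TPROXY_PORT:-5128}"
MARK=1
TABLE=100
LAN_IF="${LAN_IF:-eth5}"
WAN_IF="${WAN_IF:-eth3}"
APPLY=0

# Print or execute a command depending on --apply.
run() {
    if [ "$APPLY" -eq 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Policy routing: packets carrying the mark are looked up in table 100,
# whose only route delivers everything locally, so a TPROXY'd packet
# addressed to a foreign IP still reaches the local Squid socket.
routing_rules() {
    run ip rule add fwmark "$MARK" lookup "$TABLE"
    run ip route add local 0.0.0.0/0 dev lo table "$TABLE"
}

# mangle: DIVERT marks packets that already belong to a local socket
# (established flows); the TPROXY rule diverts new port-80 flows to Squid.
# Note -A here: the posted script used -D on this rule.
mangle_rules() {
    run iptables -t mangle -N DIVERT
    run iptables -t mangle -A DIVERT -j MARK --set-mark "$MARK"
    run iptables -t mangle -A DIVERT -j ACCEPT
    run iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
    run iptables -t mangle -A PREROUTING -p tcp --dport 80 \
        -j TPROXY --tproxy-mark "0x$MARK/0x$MARK" --on-port "$TPROXY_PORT"
}

# ebtables: lift port-80 frames in both directions out of the bridge path
# into the IP stack (broute target DROP means "route, do not bridge"),
# so the mangle rules above can see them.
bridge_rules() {
    run ebtables -t broute -A BROUTING -i "$LAN_IF" -p ipv4 \
        --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
    run ebtables -t broute -A BROUTING -i "$WAN_IF" -p ipv4 \
        --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP
}

# Kernel knobs: reverse-path filtering must be off or the kernel drops the
# foreign-addressed TPROXY packets; bridge-nf is off because ebtables
# broute does the diversion instead.
sysctls() {
    run sysctl -w net.ipv4.conf.all.rp_filter=0
    run sysctl -w net.ipv4.conf.lo.rp_filter=0
    run sysctl -w net.ipv4.ip_forward=1
    run sysctl -w net.bridge.bridge-nf-call-iptables=0
}

main() {
    for arg in "$@"; do
        if [ "$arg" = "--apply" ]; then APPLY=1; fi
    done
    routing_rules; mangle_rules; bridge_rules; sysctls
}
main "$@"
```

Run it once without --apply and read the printed rule list before applying; the rules are not idempotent (a second --apply run duplicates the mangle and broute entries), so flush or check with iptables -t mangle -S and ebtables -t broute -L first.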
Received on Wed May 02 2012 - 19:06:26 MDT

This archive was generated by hypermail 2.2.0 : Thu May 03 2012 - 12:00:02 MDT
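The half-open handshake Daniel reports (SYN seen, SYN-ACK sent, no final ACK from the client) can be picked out of a tshark capture per client rather than by eye. The script below is an added example, not part of the thread; its sample capture is constructed, and its field positions assume tshark's one-line text layout with name resolution off (tshark -n), so adjust them for your version.

```shell
#!/bin/sh
# Added example, not from the thread: list client IPs whose TCP handshake to
# the proxy stalls after the SYN-ACK, the symptom reported for the TP-Link
# routers. Input is tshark-style one-line output; the sample is constructed,
# and the field numbers ($3 src, $5 dst, $7 sport, $9 dport) are an
# assumption about that layout.
set -eu

# Constructed capture: 10.0.0.5 completes the handshake, 10.0.0.7 never
# sends the final ACK and retransmits its SYN, 10.0.0.9 gets no SYN-ACK
# at all (a different problem: the proxy is not answering).
sample_capture() {
    cat <<'EOF'
1 0.000000 10.0.0.5 -> 192.0.2.10 TCP 54321 > 80 [SYN] Seq=0 Win=8192 Len=0
2 0.000420 192.0.2.10 -> 10.0.0.5 TCP 80 > 54321 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0
3 0.000910 10.0.0.5 -> 192.0.2.10 TCP 54321 > 80 [ACK] Seq=1 Ack=1 Win=8192 Len=0
4 0.100000 10.0.0.7 -> 192.0.2.10 TCP 40000 > 80 [SYN] Seq=0 Win=5840 Len=0
5 0.100380 192.0.2.10 -> 10.0.0.7 TCP 80 > 40000 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0
6 1.100000 10.0.0.7 -> 192.0.2.10 TCP 40000 > 80 [SYN] Seq=0 Win=5840 Len=0
7 2.000000 10.0.0.9 -> 192.0.2.10 TCP 41000 > 80 [SYN] Seq=0 Win=5840 Len=0
EOF
}

# Track each client flow (src:sport) through SYN -> SYNACK -> DONE and
# report the clients left in SYNACK: they saw our SYN-ACK go out but never
# acknowledged it. Reads tshark lines on stdin.
half_open_clients() {
    awk '
    {
        if (!match($0, /\[[A-Z, ]+\]/)) next
        flags = substr($0, RSTART + 1, RLENGTH - 2)
        src = $3; dst = $5; sport = $7; dport = $9
        if (flags == "SYN") {
            # a repeated SYN after our SYN-ACK means the client did not
            # receive it, so keep the SYNACK state instead of resetting
            key = src ":" sport
            if (state[key] != "SYNACK") { state[key] = "SYN"; client[key] = src }
        } else if (flags == "SYN, ACK") {
            key = dst ":" dport
            if (state[key] == "SYN") state[key] = "SYNACK"
        } else if (flags == "ACK") {
            key = src ":" sport
            if (state[key] == "SYNACK") state[key] = "DONE"
        }
    }
    END { for (k in state) if (state[k] == "SYNACK") print client[k] }
    ' | sort -u
}

# Demo on the constructed capture; for a real one use
#   tshark -n -r capture.pcap 'tcp.port == 80' | half_open_clients
sample_capture | half_open_clients
```

Clients that show up here have a working path to the proxy for the SYN but lose (or reject) the SYN-ACK on the way back, which points at the return path (the ebtables --ip-sport 80 broute rule, rp_filter, or the router in front of the client) rather than at Squid itself.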