[squid-users] Re: TPROXY

From: alvarogp <alvarix.gp_at_gmail.com>
Date: Thu, 23 May 2013 00:29:53 -0700 (PDT)

Hello,

I have the following configuration:
- Ubuntu 12.04 with 2 interfaces eth0 (local) and eth1 (internet access)
- IPtables 1.4.12
- Squid 3.3.4 with Tproxy
 
With Iptables I have configured the proxy to forward the traffic from the
local LAN (eth0) to the outside world (eth1). The configuration is:

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

To configure and install Tproxy I have followed the tutorial described in
the wiki:

./configure --enable-linux-netfilter

net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0

iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129

For squid.conf, I have kept the default configuration, adding to it:

http_port 3128
http_port 3129 tproxy

If Squid is running, the packets from the local LAN are routed correctly and
the web pages are shown perfectly. The problem I have is that these accesses
are not reflected in access.log and cache.log, so could it be possible that
Squid is not caching any cacheable content?

I read one other post from a guy who had a very similar problem:

http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-TPROXY-and-empty-access-log-td1036667.html

If I do the same as he did, specifying the proxy in the user's browser,
activity (an ABORTED request for each website I have tried to access) is
reflected in access.log. The timeout expires and the local LAN users cannot
access the Internet.

If you need any more information, please tell me.

Thank you in advance,

Alvaro

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TPROXY-tp4658393p4660211.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Thu May 23 2013 - 07:30:35 MDT
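
Added example (not part of the original message and not Squid project code): a shell check that takes captured text from the mangle table, `ip rule show`, sysctl and squid.conf and reports which pieces of the TPROXY setup listed in the message are absent. The fwmark policy-routing check comes from the Linux kernel TPROXY documentation rather than from the message; the function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit captured TPROXY state. Inputs are plain text, so no root is needed.
# On a live box (as root) the inputs could be captured with:
#   iptables -t mangle -S ; ip rule show ; sysctl -a ; plus the contents of squid.conf
has() { printf '%s\n' "$1" | grep -Eq -e "$2"; }

# audit_tproxy MANGLE IP_RULES SYSCTLS SQUID_CONF [LAN_IF]
# Prints one "missing: ..." line per failed check; prints nothing when all pass.
audit_tproxy() {
    mangle=$1; rules=$2; sysctls=$3; conf=$4; lan=${5:-eth0}
    has "$mangle" 'DIVERT .*-j MARK' || echo "missing: MARK rule in DIVERT chain"
    has "$mangle" '-m socket .*-j DIVERT' || echo "missing: socket match jumping to DIVERT"
    # Port that the TPROXY target hands intercepted port-80 traffic to.
    port=$(printf '%s\n' "$mangle" |
        sed -n 's/.*--dport 80 .*-j TPROXY.*--on-port \([0-9][0-9]*\).*/\1/p' | head -n 1)
    if [ -z "$port" ]; then
        echo "missing: TPROXY rule for tcp dport 80"
    else
        has "$conf" "^http_port[[:space:]]+([^[:space:]]*:)?${port}[[:space:]]+.*tproxy" ||
            echo "missing: squid http_port ${port} with tproxy flag"
    fi
    # From the kernel TPROXY documentation, not from the message: marked packets
    # need a policy-routing rule so that they are delivered to the local socket.
    has "$rules" 'fwmark (0x)?1(/0x[0-9a-f]+)? lookup' || echo "missing: ip rule for fwmark 1"
    has "$sysctls" '^net\.ipv4\.ip_forward = 1$' || echo "missing: ip_forward = 1"
    for k in default all "$lan"; do
        has "$sysctls" "^net\.ipv4\.conf\.${k}\.rp_filter = 0$" ||
            echo "missing: rp_filter = 0 for ${k}"
    done
}

# Constructed sample mirroring the setup in the message (which lists no ip rule).
SAMPLE_MANGLE='-N DIVERT
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT'
SAMPLE_RULES='0: from all lookup local
32766: from all lookup main
32767: from all lookup default'
SAMPLE_SYSCTLS='net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0'
SAMPLE_CONF='http_port 3128
http_port 3129 tproxy'

audit_tproxy "$SAMPLE_MANGLE" "$SAMPLE_RULES" "$SAMPLE_SYSCTLS" "$SAMPLE_CONF"
```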
