Re: [squid-users] Re: TPROXY

From: Amm <ammdispose-squid_at_yahoo.com>
Date: Tue, 28 May 2013 16:11:29 +0800 (SGT)

________________________________
> From: alvarogp <alvarix.gp_at_gmail.com>
> To: squid-users_at_squid-cache.org
> Sent: Tuesday, 28 May 2013 1:28 PM
> Subject: [squid-users] Re: TPROXY
>
> alvarogp wrote
>> Hello,
>>
>> I have the next configuration:
>> - Ubuntu 12.04 with 2 interfaces eth0 (local) and eth1 (internet access)
>> - IPtables 1.4.12
>> - Squid 3.3.4 with Tproxy
>>
>> With Iptables I have configured the proxy to forward the traffic from the
>> local LAN (eth0) to the outside world (eth1). The configuration is:
>>
>> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
>> iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
>> iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>
>> To configure and install Tproxy I have followed the tutorial described in
>> the wiki:
>>
>> ./configure --enable-linux-netfilter
>>
>> net.ipv4.ip_forward = 1
>> net.ipv4.conf.default.rp_filter = 0
>> net.ipv4.conf.all.rp_filter = 0
>> net.ipv4.conf.eth0.rp_filter = 0
>>
>> iptables -t mangle -N DIVERT
>> iptables -t mangle -A DIVERT -j MARK --set-mark 1
>> iptables -t mangle -A DIVERT -j ACCEPT
>> iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
>> iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
>>
>> For squid.conf, I have maintained the configuration by default, adding to
>> it:
>>
>> http_port 3128
>> http_port 3129 tproxy
>>
>> If Squid is running, the packets from the local LAN are routed correctly
>> and the web pages are shown perfectly. The problem I have is that these
>> accesses are not reflected in the access.log and cache.log, so could it be
>> possible that squid is not caching any cacheable content?

I have had the exact same problem when I was trying TPROXY with a similar configuration.

Squid would route packets but not LOG anything in the access log.

If I stop squid then clients can't access any website.
(this indicates that packets are indeed routing through squid).

I gave up later on. I might give it a try again after a few days.

Amm.
Received on Tue May 28 2013 - 08:11:38 MDT
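
An added example, not part of either poster's message: a small consistency check between the mangle-table rules and the `http_port ... tproxy` line quoted above. The `MANGLE` text is a constructed `iptables-save -t mangle` rendering of the quoted commands (the exact rendering is an assumption), and the function names are hypothetical; the check does not identify the cause of the missing log entries.

```python
import shlex

# Constructed sample: the message's mangle rules in `iptables-save -t mangle` form.
MANGLE = """\
*mangle
:PREROUTING ACCEPT [0:0]
:DIVERT - [0:0]
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
COMMIT
"""
# Constructed sample: the two http_port lines quoted in the message.
SQUID_CONF = "http_port 3128\nhttp_port 3129 tproxy\n"

def opt(tokens, name):
    """Value that follows option `name` in a rule's token list, or None."""
    return tokens[tokens.index(name) + 1] if name in tokens else None

def tproxy_ports(squid_conf):
    """Ports of the http_port lines that carry the tproxy option."""
    ports = set()
    for line in squid_conf.splitlines():
        f = line.split("#")[0].split()
        if len(f) >= 3 and f[0] == "http_port" and "tproxy" in f[2:]:
            ports.add(int(f[1].rsplit(":", 1)[-1]))
    return ports

def check(mangle_save, squid_conf):
    """Return a list of inconsistencies between the mangle rules and squid.conf."""
    rules = [shlex.split(ln)[1:] for ln in mangle_save.splitlines() if ln.startswith("-A ")]
    pre = [r for r in rules if r[0] == "PREROUTING"]
    tp = next((i for i, r in enumerate(pre) if opt(r, "-j") == "TPROXY"), None)
    if tp is None:
        return ["no TPROXY rule in mangle PREROUTING"]
    findings = []
    # Packets of already-intercepted connections must hit DIVERT before TPROXY.
    sock = next((i for i, r in enumerate(pre) if "socket" in r and opt(r, "-j") == "DIVERT"), None)
    if sock is None or sock > tp:
        findings.append("socket-match DIVERT rule missing or after the TPROXY rule")
    port = int(opt(pre[tp], "--on-port") or 0)
    if port not in tproxy_ports(squid_conf):
        findings.append(f"--on-port {port} is not an http_port ... tproxy listener")
    # The mark DIVERT sets must be the one the TPROXY rule applies.
    want = int((opt(pre[tp], "--tproxy-mark") or "0").split("/")[0], 0)
    marks = [opt(r, "--set-xmark") or opt(r, "--set-mark") for r in rules if r[:3] == ["DIVERT", "-j", "MARK"]]
    if not any(int(m.split("/")[0], 0) == want for m in marks if m):
        findings.append("DIVERT does not set the mark used by the TPROXY rule")
    return findings
```
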

This archive was generated by hypermail 2.2.0 : Tue May 28 2013 - 12:00:07 MDT