[squid-users] tproxy on squid 2.7 errors

From: neeraj kharbanda <nettlynx_at_gmail.com>
Date: Wed, 29 May 2013 10:25:24 +0530

Hi,
this is my scenario

router(linux eth0).........eth2(lusca)..............eth1(wan)
policy routing done for clients to reach to lusca (clients on private
ips 172.16.x.x)
lusca can ping clients and internet
tproxy redirection done as per :

iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -s 172.16.10.97 -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY
--tproxy-mark 0x1/0x1 --on-port 3129

ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

squid.conf

http_port 127.0.0.1:3128
http_port 0.0.0.0:3129 tproxy

but browsing give error :

Invalid Request

Some aspect of the HTTP Request is invalid. Possible problems:

    Missing or unknown request method
    Missing URL
    Missing HTTP Identifier (HTTP/1.0)
    Request is too large
    Content-Length missing for POST or PUT requests
    Illegal character in hostname; underscores are not allowed
squid logs
[21/Apr/2013:13:04:42 +0530] "GET error:invalid-request HTTP/0.0" 400
3334 TCP_DENIED:NONE

works fine on iptables dnat and transparent directives

--
Nettlynx Networks
Received on Wed May 29 2013 - 04:55:45 MDT

This archive was generated by hypermail 2.2.0 : Wed May 29 2013 - 12:00:07 MDT