Re: [squid-users] Transparent proxy (Tproxy4)

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Wed, 19 Feb 2014 16:47:07 +0200

Hey,

I did not read the whole setup, so sorry, but in the past I wrote this article:
http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2
which is very likely to help you understand.
First disable SELinux, then use tcpdump to find out at which level the
issue is.

Hope it helps,
Eliezer

On 02/19/2014 02:31 PM, Jose-Marcio Martins wrote:
>
> Hello,
>
> I've configured a transparent proxy as TProxy4
> (http://wiki.squid-cache.org/Features/Tproxy4).
>
> But I don't see anything in squid access log.
>
> * OS = Linux Fedora 20.
>
> * Cache log says at start-up :
>
> ....
> 2014/02/19 12:23:53 kid1| Accepting WCCPv2 messages on port 2048, FD 11.
> 2014/02/19 12:23:53 kid1| Initialising all WCCPv2 lists
> 2014/02/19 12:23:53 kid1| HTCP Disabled.
> 2014/02/19 12:23:53 kid1| Squid plugin modules loaded: 0
> 2014/02/19 12:23:53 kid1| Adaptation support is off.
> 2014/02/19 12:23:53 kid1| Accepting HTTP Socket connections at local=0.0.0.0:8080 remote=[::] FD 12 flags=9
> 2014/02/19 12:23:53 kid1| Accepting HTTP Socket connections at local=0.0.0.0:3128 remote=[::] FD 13 flags=9
> 2014/02/19 12:23:53 kid1| Accepting TPROXY spoofing HTTP Socket connections at local=0.0.0.0:3129 remote=[::] FD 14 flags=25
> ...
>
> ********************************
>
> * The router is connected to the wccp port :
>
> udp 0 0 194.214.158.189:2048 194.214.158.165:2048 ESTABLISHED
>
> ********************************
>
> * iptables seems OK
>
> # iptables -t mangle -S
> -P PREROUTING ACCEPT
> -P INPUT ACCEPT
> -P FORWARD ACCEPT
> -P OUTPUT ACCEPT
> -P POSTROUTING ACCEPT
> -N DIVERT
> -A PREROUTING -p tcp -m socket -j DIVERT
> -A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
> -A DIVERT -j MARK --set-xmark 0x1/0xffffffff
> -A DIVERT -j ACCEPT
> #
>
> ********************************
> * kernel routing seems OK :
>
> # ip -s -f inet rule
> 0: from all lookup local
> 32764: from all fwmark 0x1 lookup 100
> 32765: from all fwmark 0x1 lookup 100
> 32766: from all lookup main
> 32767: from all lookup default
>
> # ip -s -f inet route
> default via 194.214.158.165 dev eth0
> 169.254.0.0/16 dev eth0 scope link metric 1002
> 194.214.158.0/24 dev eth0 proto kernel scope link src 194.214.158.189
> #
>
> ********************************
> * squid.conf :
>
> wccp2_router 194.214.158.165
> wccp2_forwarding_method gre
> wccp2_return_method gre
> wccp2_assignment_method hash
> wccp2_service standard 0
>
> I shall change wccp2_service to dynamic after, but for start-up, it
> should work, I guess.
>
> ********************************
> * On the router (switch/router) we have this :
>
> ip wccp web-cache redirect-list 120
>
> interface Vlan16
> description Vlan Users
> ip address a.b.c.d v.w.x.y
> no ip redirects
> ip wccp web-cache redirect in
>
>
> access-list 120 remark le proxy SQUID bypasse la redirection
> access-list 120 deny ip host 194.214.158.207 any
> access-list 120 permit tcp 192.168.16.0 0.0.0.255 any eq www
> access-list 120 deny ip any any
>
> *********************************
>
>
>
> What more shall I look at? Is there something wrong? Any hint?
>
> Thanks for your help.
>
Received on Wed Feb 19 2014 - 14:47:19 MST
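
The host-side pieces that the posted outputs cover (the fwmark rule and the mangle-table DIVERT/TPROXY rules) can be checked mechanically before moving on to tcpdump. This is an added example, not part of the original thread or of Squid: `check_tproxy`, `opt` and `first_missing` are hypothetical helper names, the table-100 route line is a constructed sample, and the requirement that table 100 holds a `local` default route on `lo` follows the Tproxy4 wiki page linked in the question.

```python
import re

# Outputs as posted in the message above (mail-wrapped lines rejoined).
IP_RULE = """\
0: from all lookup local
32764: from all fwmark 0x1 lookup 100
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main
32767: from all lookup default
"""
MANGLE = """\
-N DIVERT
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
"""
# Constructed sample: `ip route show table 100` output is not in the post.
TABLE_100 = "local default dev lo scope host\n"

def opt(rule, name):
    """Value following option `name` in a tokenised rule, or ''."""
    return rule[rule.index(name) + 1] if name in rule[:-1] else ""

def check_tproxy(ip_rule, table_route, mangle, squid_port):
    """Return {layer: bool} for each piece TPROXY interception relies on."""
    rules = [l.split() for l in mangle.splitlines() if l.startswith("-A ")]
    mark = lambda r, *names: any(opt(r, n).split("/")[0] == "0x1" for n in names)
    return {
        # Policy routing: packets carrying mark 0x1 use a dedicated table.
        "fwmark_rule": bool(re.search(r"fwmark 0x1\b.*\blookup \S+", ip_rule)),
        # That table delivers every destination locally via lo.
        "local_route": bool(re.search(
            r"^local\s+(default|0\.0\.0\.0/0)\s+dev lo\b", table_route, re.M)),
        # Packets of already-intercepted sockets jump to DIVERT and get marked.
        "divert_jump": any(r[1] == "PREROUTING" and "socket" in r
                           and opt(r, "-j") == "DIVERT" for r in rules),
        "divert_mark": any(r[1] == "DIVERT" and opt(r, "-j") == "MARK"
                           and mark(r, "--set-xmark", "--set-mark") for r in rules),
        # New port-80 connections are handed to the tproxy http_port.
        "tproxy_rule": any(opt(r, "-j") == "TPROXY" and opt(r, "--dport") == "80"
                           and opt(r, "--on-port") == str(squid_port)
                           and mark(r, "--tproxy-mark") for r in rules),
    }

def first_missing(results):
    """Name of the first layer that failed, or None when all are present."""
    return next((k for k, ok in results.items() if not ok), None)
```

On a live host, feed it the output of `ip rule`, `ip route show table 100` and `iptables -t mangle -S`; if every layer is present, packet capture on the interface facing the router is the next step.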
