[squid-users] Re: TPROXY
Thanks for the information Eliezer. I am gonna take a look at it.

Alvaro

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TPROXY-tp4658393p4660403.html
Sent from the Squid - Users mailing list archive at Nabble.com.

[squid-users] Re: TPROXY
Hi,

I have followed the same steps as in the previous case but changing the operating system. Tried on:

- Fedora 18
- Kernel 3.6.10
- IPtables 1.4.16
- Squid 3.3.5 with Tproxy

Unfortunately, it is the same situation as when I was using Ubuntu. The users can reach the Internet only if Squid is working, but no activity is registered in the file access.log.

Is it possible that Fedora's kernel has the same problem as Ubuntu's?

Regards,
Alvaro

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TPROXY-tp4658393p4660396.html

[squid-users] Re: TPROXY
alvarogp wrote
> Hello,
>
> I have the following configuration:
>
> - Ubuntu 12.04 with 2 interfaces: eth0 (local) and eth1 (internet access)
> - IPtables 1.4.12
> - Squid 3.3.4 with Tproxy
>
> With Iptables I have configured the proxy to forward the traffic from the local LAN (eth0) to the outside world (eth1). The configuration is:
>
>     iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
>     iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
>     iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
>     echo 1 > /proc/sys/net/ipv4/ip_forward
>
> To configure and install Tproxy I have followed the tutorial described in the wiki:
>
>     ./configure --enable-linux-netfilter
>
>     net.ipv4.ip_forward = 1
>     net.ipv4.conf.default.rp_filter = 0
>     net.ipv4.conf.all.rp_filter = 0
>     net.ipv4.conf.eth0.rp_filter = 0
>
>     iptables -t mangle -N DIVERT
>     iptables -t mangle -A DIVERT -j MARK --set-mark 1
>     iptables -t mangle -A DIVERT -j ACCEPT
>     iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
>     iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
>
> For squid.conf, I have kept the default configuration, adding to it:
>
>     http_port 3128
>     http_port 3129 tproxy
>
> If Squid is running, the packets from the local LAN are routed correctly and the web pages are shown perfectly. The problem I have is that these accesses are not reflected in the access.log and cache.log, so could it be possible that Squid is not caching any cacheable content?
>
> I read one other post from a guy who had a very similar problem:
> http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-TPROXY-and-empty-access-log-td1036667.html
>
> If I do the same as him, specifying the proxy in the user's browser, activity (ABORTED request for each web page I have tried to access) is reflected in access.log. The timeout expires and the local LAN users cannot access the Internet.
>
> If any more information is needed, please tell me.
>
> Thank you in advance,
> Alvaro

Hi,

Does anyone know of a configuration guide in the wiki to configure Squid with TProxy? The only three that I know are:

http://wiki.squid-cache.org/ConfigExamples/FullyTransparentWithTPROXY
http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2#Linux_and_Squid_Configuration
http://wiki.squid-cache.org/Features/Tproxy4

I have followed the steps of the last one. Is it possible that I am confused and Squid is not able to cache if it is working with TProxy?

Thank you in advance.

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TPROXY-tp4658393p4660274.html

[squid-users] Re: TPROXY
Amos Jeffries-2 wrote
> On 28/05/2013 8:11 p.m., Amm wrote:
>> From: alvarogp <alvarix.gp@>
>> To: squid-users@
>> Sent: Tuesday, 28 May 2013 1:28 PM
>> Subject: [squid-users] Re: TPROXY
>>
>>> alvarogp wrote
>>> Hello,
>>>
>>> I have the following configuration:
>>>
>>> - Ubuntu 12.04 with 2 interfaces: eth0 (local) and eth1 (internet access)
>>> - IPtables 1.4.12
>>> - Squid 3.3.4 with Tproxy
>>>
>>> With Iptables I have configured the proxy to forward the traffic from the local LAN (eth0) to the outside world (eth1). The configuration is:
>>>
>>>     iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
>>>     iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
>>>     iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
>>>     echo 1 > /proc/sys/net/ipv4/ip_forward
>>>
>>> To configure and install Tproxy I have followed the tutorial described in the wiki:
>>>
>>>     ./configure --enable-linux-netfilter
>>>
>>>     net.ipv4.ip_forward = 1
>>>     net.ipv4.conf.default.rp_filter = 0
>>>     net.ipv4.conf.all.rp_filter = 0
>>>     net.ipv4.conf.eth0.rp_filter = 0
>>>
>>>     iptables -t mangle -N DIVERT
>>>     iptables -t mangle -A DIVERT -j MARK --set-mark 1
>>>     iptables -t mangle -A DIVERT -j ACCEPT
>>>     iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
>>>     iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
>>>
>>> For squid.conf, I have kept the default configuration, adding to it:
>>>
>>>     http_port 3128
>>>     http_port 3129 tproxy
>>>
>>> If Squid is running, the packets from the local LAN are routed correctly and the web pages are shown perfectly. The problem I have is that these accesses are not reflected in the access.log and cache.log, so could it be possible that Squid is not caching any cacheable content?
>>
>> I have had the exact same problem when I was trying TPROXY with a similar configuration. Squid would route packets but not LOG anything in the access log.
>>
>> If I stop squid then clients can't access any website. (This indicates that packets are indeed routing through squid.)
>
> access.log would indicate that none of them are actually making it to the Squid process.
>
> Perhaps the Ubuntu kernel version has a bug which makes the packets work when *some* process is listening on the required port, but the packets are actually not getting there.
>
> Or perhaps TCP packets are sending the HTTP request through Squid and Squid is relaying it, but the response is not going back to Squid (direct back to client). In that event Squid would wait for some time (read/write timeouts are 15 minutes long) before logging the failed HTTP transaction. That could be caused by some bad configuration on a router outside of the Squid machine.
>
> Amos

Thank you Amos, I will try with another configuration in that case.

Alvaro

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TPROXY-tp4658393p4660279.html

[squid-users] Re: TPROXY
Hello,

I have the following configuration:

- Ubuntu 12.04 with 2 interfaces: eth0 (local) and eth1 (internet access)
- IPtables 1.4.12
- Squid 3.3.4 with Tproxy

With Iptables I have configured the proxy to forward the traffic from the local LAN (eth0) to the outside world (eth1). The configuration is:

    iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
    iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
    echo 1 > /proc/sys/net/ipv4/ip_forward

To configure and install Tproxy I have followed the tutorial described in the wiki:

    ./configure --enable-linux-netfilter

    net.ipv4.ip_forward = 1
    net.ipv4.conf.default.rp_filter = 0
    net.ipv4.conf.all.rp_filter = 0
    net.ipv4.conf.eth0.rp_filter = 0

    iptables -t mangle -N DIVERT
    iptables -t mangle -A DIVERT -j MARK --set-mark 1
    iptables -t mangle -A DIVERT -j ACCEPT
    iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
    iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129

For squid.conf, I have kept the default configuration, adding to it:

    http_port 3128
    http_port 3129 tproxy

If Squid is running, the packets from the local LAN are routed correctly and the web pages are shown perfectly. The problem I have is that these accesses are not reflected in the access.log and cache.log, so could it be possible that Squid is not caching any cacheable content?

I read one other post from a guy who had a very similar problem:
http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-TPROXY-and-empty-access-log-td1036667.html

If I do the same as him, specifying the proxy in the user's browser, activity (ABORTED request for each web page I have tried to access) is reflected in access.log. The timeout expires and the local LAN users cannot access the Internet.

If any more information is needed, please tell me.

Thank you in advance,
Alvaro

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TPROXY-tp4658393p4660211.html
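
Added example, not part of the thread or of Squid: a shell check over captured command output for the pieces TPROXY interception depends on. Besides the mangle rules and rp_filter settings quoted in the post, it looks for the policy-routing entries (fwmark rule and local route) described in the kernel's tproxy documentation; routing table 100, the function names and all sample text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: check captured command output for the
# pieces TPROXY interception depends on. Mark 1 and port 3129 match the rules
# quoted in the post; routing table 100 is an assumption taken from the
# kernel's tproxy documentation. All sample text below is constructed.

# has TEXT REGEX: true when any line of TEXT matches the extended REGEX.
has() { printf '%s\n' "$1" | grep -Eq -e "$2"; }

# tproxy_missing MANGLE RULES ROUTES SYSCTL
#   MANGLE: iptables-save -t mangle     RULES:  ip rule show
#   ROUTES: ip route show table 100     SYSCTL: sysctl -a
# Prints one line per missing piece; prints nothing when all are present.
tproxy_missing() {
    has "$1" '-A PREROUTING .*-m socket .*-j DIVERT' ||
        echo "mangle: no socket-match rule jumping to DIVERT"
    has "$1" '-A DIVERT .*-j MARK' ||
        echo "mangle: DIVERT chain does not set a mark"
    has "$1" '-A PREROUTING .*-j TPROXY .*--on-port 3129' ||
        echo "mangle: no TPROXY rule for port 3129"
    has "$2" 'fwmark 0x1(/0x1)? lookup 100' ||
        echo "policy routing: no rule sending fwmark 1 to table 100"
    has "$3" '^local (default|0\.0\.0\.0/0) dev ' ||
        echo "policy routing: no local default route in table 100"
    if has "$4" '^net\.ipv4\.conf\.[^.]+\.rp_filter = 1'; then
        echo "sysctl: rp_filter is 1 on at least one interface"
    fi
}

# Constructed sample: a host where only the steps listed in the post were run.
SAMPLE_MANGLE='-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT'
SAMPLE_RULES='0: from all lookup local
32766: from all lookup main
32767: from all lookup default'
SAMPLE_ROUTES=''
SAMPLE_SYSCTL='net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0'

tproxy_missing "$SAMPLE_MANGLE" "$SAMPLE_RULES" "$SAMPLE_ROUTES" "$SAMPLE_SYSCTL"
```

On a live host, pass the real output of the four commands named in the comments instead of the constructed samples.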