I have been unable to get TPROXY working correctly with squid. I have
used the steps in http://wiki.squid-cache.org/Features/Tproxy4 and re
checked everything.
Versions:
Kernel 2.6.28-11-server (ubuntu)
Squid Cache: Version 3.1.1
configure options: '--build=x86_64-linux-gnu' '--prefix=/usr'
'-
ons 2010-03-31 klockan 09:47 -0700 skrev Kurt Sandstrom:
> I have been unable to get TPROXY working correctly with squid. I have
> used the steps in http://wiki.squid-cache.org/Features/Tproxy4 and re
> checked everything.
>
I did not see your routing setup in the data you dumped. Without the
ro
I have the following in startup
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
The ouput of ip route show table 100: local default dev lo scope host
One other thing is strange, my PREROUTING rules in mangle don't load
in my script. I have to manually add them
Make sure you have setup triangle routing correctly.
your squid act as bridge ? or act as router/gateway with dual
interface ethernet ?
or standalone server with single ethernet.
option 1 and 2, doesn't need routing setup, traffic incoming and
outgoing must hit the squid box.
But for option 3, you
It is set up with 2 nics as a bridge. The routing I was refering to is
only internal to the box.. ie through iptables
On Thu, Apr 1, 2010 at 5:09 AM, johan firdianto wrote:
> Make sure you have setup triangle routing correctly.
> your squid act as bridge ? or act as router/gateway with dual
> int
tor 2010-04-01 klockan 11:10 -0700 skrev Kurt Sandstrom:
> It is set up with 2 nics as a bridge. The routing I was refering to is
> only internal to the box.. ie through iptables
bridge... haven't tried TPROXY in bridge mode, only router mode.
Due to the complexity involved I would recomment you
The bridging is working just not redirecting to the squid. I can see
the counters increment for port 80 but nothing on the squid side.
2010/4/1 Henrik Nordström :
> tor 2010-04-01 klockan 11:10 -0700 skrev Kurt Sandstrom:
>> It is set up with 2 nics as a bridge. The routing I was refering to is
>
tor 2010-04-01 klockan 13:43 -0700 skrev Kurt Sandstrom:
> The bridging is working just not redirecting to the squid. I can see
> the counters increment for port 80 but nothing on the squid side.
TPROXY has some quite peculiar requirements, and the combination with
bridgeing makes those even more
PLEASE HELP!
I have been to the squid site and unsubscribed to every list, I have
asked Henrick several times with no answer. And STILL I get these
emails about your business.
Won't one of you PLEASE tell ne how to get off of your mailing list?
Bill
785-887-6966
www.billfair.com
On Apr 1
Have you setup ebtables to drop packet,
ebtables -t broute -A BROUTING -i $CLIENT_IFACE -p ipv4 --ip-proto tcp
--ip-dport 80 -j redirect --redirect-target DROP
ebtables -t broute -A BROUTING -i $INET_IFACE -p ipv4 --ip-proto tcp
--ip-sport 80 -j redirect --redirect-target DROP
second hint,
route
You are correct in that it's a routing issue...
I have network -> eth1(no ip bridged)->eth0(no ip bridged)-> gateway(router)
the eth1 and eth0 interfaces have a br0 assigned.
when I assign the bridge interface I use the following for routing:
ifconfig br0 xxx.xxx.xxx.xxx netmask 255.255.0.0 up #
dump the packet at eth0 and eth1.
When traffic comes into eth1 i called 'old packet', squid should
forward the 'new' packet to eth0.
Check 'the new' packet and 'old packet', look at source ip and destination ip.
it should same source and destination ip.
if this is correct,
Check the reply packet fr
fre 2010-04-02 klockan 09:47 -0700 skrev Kurt Sandstrom:
> 2 things I may try this evening... grab tcp traffic from eth0 and br0
> to see if redirected port 3129 is being routed out of the system
> instead of to the localhost. Then try (a shot in the dark) changing:
Which MAC address is being use
Thats the thing... if I enable the ebtables rules the bridging of http
on the local network stops but squid shows no activity even though the
tproxy counters increase. If I wget to 0.0.0.0 my squid shows wget
connection but returns a gateway error so I know the squid is replying
to requests it rece
fre 2010-04-02 klockan 11:54 -0700 skrev Kurt Sandstrom:
> Thats the thing... if I enable the ebtables rules the bridging of http
> on the local network stops but squid shows no activity even though the
> tproxy counters increase.
And if you configure a client to use the TPROXY as a router while h
Henrik N. has got to be as dense as any forest tree.
I've asked him twice, I've asked him thrice, I swear I'd almost pay a
price.
I have no interest in squibs email trists, please take me off your
mailing list.
Bill
785-887-6966
b...@billfair.com
On Apr 2, 2010, at 1:13 PM, Henrik Nord
I'll check that as well... have to grab some IPs and add to the interfaces.
2010/4/2 Henrik Nordström :
> fre 2010-04-02 klockan 11:54 -0700 skrev Kurt Sandstrom:
>> Thats the thing... if I enable the ebtables rules the bridging of http
>> on the local network stops but squid shows no activity eve
17 matches
Mail list logo
