I have been unable to get TPROXY working correctly with squid. I have
used the steps in http://wiki.squid-cache.org/Features/Tproxy4 and
rechecked everything.

Versions:

Kernel 2.6.28-11-server (ubuntu)

Squid Cache: Version 3.1.1
configure options:  '--build=x86_64-linux-gnu' '--prefix=/usr'
'--includedir=/include' '--mandir=/share/man' '--infodir=/share/info'
'--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=/lib/squid3'
'--disable-maintainer-mode' '--disable-dependency-tracking'
'--srcdir=.' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3'
'--mandir=/usr/share/man' '--with-cppunit-basedir=/usr'
'--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs'
'--enable-removal-policies=lru,heap' '--enable-delay-pools'
'--enable-cache-digests' '--enable-underscores'
'--enable-follow-x-forwarded-for' '--enable-auth=basic'
'--enable-external-acl-helpers=ip_user' '--with-filedescriptors=65536'
'--with-default-user=proxy' '--enable-epoll'
'--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu'
--with-squid=/home/mike/squid-3.1.1 --enable-ltdl-convenience

iptables v1.4.3

I can see http traffic incrementing through my DIVERT and PREROUTING tables

Chain PREROUTING (policy ACCEPT 166K packets, 41M bytes)
 pkts bytes target     prot opt in     out     source               destination
 2963  202K DIVERT     tcp  --  any    any     anywhere             anywhere            socket
 1684 85244 TPROXY     tcp  --  any    any     anywhere             anywhere            tcp dpt:www TPROXY redirect 0.0.0.0:3129 mark 0x1/0x1

Chain INPUT (policy ACCEPT 22640 packets, 1278K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 23918 packets, 3770K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 23918 packets, 3770K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DIVERT (1 references)
 pkts bytes target     prot opt in     out     source               destination
 2963  202K MARK       all  --  any    any     anywhere             anywhere            MARK xset 0x1/0xffffffff
 2963  202K ACCEPT     all  --  any    any     anywhere             anywhere

When I use -v -v, all the counters for errors are at 0.

Squidclient shows:

Connection information for squid:
        Number of clients accessing cache:      2
        Number of HTTP requests received:       7     (from squidclient access)

And my store isn't growing at all.

It seems squid is not getting the traffic from my iptables...   any ideas??
