On 18/08/11 22:51, Benjamin wrote:
I tested interception in bridge mode with current setup. That is working
fine. But when I configure tproxy, it is not working. Please guide me for


Any suggestions please.

My Current Network Setup:

WAN ROUTER(114.30.XX.1 --- public ip)
SQUID BOX (114.30.XX.19 gw: 114.30.XX.1) ( bridge mode)
BANDWIDTH MGMT. LINUX BOX ( 114.30.XX.10 gw: 114.30.XX.1)
END USERS ( mix with private ips and public ips )

At squid box: eth0 -----> internet (cable from switch)
eth1 -----> (cable connected to BANDWIDTH MGMT. LINUX BOX)

ebtables -t broute --list
Bridge table: broute

Bridge chain: BROUTING, entries: 2, policy: ACCEPT
-p IPv4 -i eth0 --ip-proto tcp --ip-dport 80 -j redirect
-p IPv4 -i eth1 --ip-proto tcp --ip-sport 80 -j redirect

Unless you changed the config between posts that means port 80 traffic _from_ the Internet is being passed to the proxy. Same for traffic received _from_ internal web servers.

According to the cabling diagram that should be:
 -i eth0 --ip-sport 80
 -i eth1 --ip-dport 80
... or plug the cables the other way around.

Alternatively, and at least for testing, drop the -i NIC parameters entirely and route everything to or from port 80.

<from earlier in the thread>

iptables -L -nvx -t mangle
Chain PREROUTING (policy ACCEPT 959157 packets, 79545939 bytes)
    pkts      bytes target     prot opt in     out     source
   10993   689414 DIVERT     tcp  --  *      *           socket
   16765  1000259 TPROXY     tcp  --  *      *           tcp dpt:80 TPROXY redirect mark

OS CENTOS 6 64 bit
squid : 3.1.4
KERNEL : 2.6.32-71.29.1.el6.x86_64

Indeed this shows some packets that should be showing up in Squid logs. As TCP_DENIED visitors if my assessment of the ebtables rules is correct. But either way, showing up.

This looks a LOT like the problem Debian Lenny and Ubuntu Lucid have. They also had kernels from early 2.6.3n numbers. Indeed going back to my notes (in the wiki): "2.6.32 to 2.6.34 have bridging issues on some systems. Please use 2.6.30 or 2.6.31 for production machines, they seem to work properly."

I wrote that while monitoring TPROXY-related patches going into the kernel. About the time 2.6.36 came out. So if you can, 2.6.35 or later should work (the later the better). Most people working with Debian Squeeze (kernel 2.6.37+) have had no problems AFAICT. That success should be mirrored in other distros on similar kernel versions.

Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.14
  Beta testers wanted for

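The rule-direction check and the kernel caveat from the reply above, as an added example that is not part of the original thread: a POSIX shell audit of an `ebtables -t broute --list` listing against the cabling. The function names `check_broute` and `kernel_in_risky_range` are hypothetical, and the interface roles (eth0 = Internet side, eth1 = client side) are assumed from the cabling list in the post.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are hypothetical.

# check_broute INET_IF CLIENT_IF   (reads `ebtables -t broute --list` on stdin)
# Per the reply: the client-side NIC should match requests (--ip-dport 80) and
# the Internet-side NIC should match replies (--ip-sport 80).
check_broute() {
    awk -v inet="$1" -v client="$2" '
    / -j redirect/ {
        ifc = ""; dir = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-i") ifc = $(i + 1)
            if ($i == "--ip-dport" && $(i + 1) == "80") dir = "dport"
            if ($i == "--ip-sport" && $(i + 1) == "80") dir = "sport"
        }
        if (dir == "") next                  # not a port-80 rule
        if (ifc == "") { print "OK", "any", dir; next }   # no -i: both NICs
        if (ifc == client) want = "dport"
        else if (ifc == inet) want = "sport"
        else { print "UNKNOWN-IFACE", ifc, dir; next }
        verdict = (dir == want) ? "OK" : "SWAPPED"
        print verdict, ifc, dir
    }'
}

# kernel_in_risky_range RELEASE: succeeds for 2.6.32 through 2.6.34, the range
# the wiki note quoted in the reply reports bridging issues for.
kernel_in_risky_range() {
    case "$1" in
        2.6.3[234]|2.6.3[234][.-]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Rule lines and kernel release as posted in the thread; interface roles
# (eth0 = Internet side, eth1 = client side) are taken from the cabling list.
SAMPLE_RULES='-p IPv4 -i eth0 --ip-proto tcp --ip-dport 80 -j redirect
-p IPv4 -i eth1 --ip-proto tcp --ip-sport 80 -j redirect'
SAMPLE_KERNEL='2.6.32-71.29.1.el6.x86_64'

printf '%s\n' "$SAMPLE_RULES" | check_broute eth0 eth1
if kernel_in_risky_range "$SAMPLE_KERNEL"; then
    echo "kernel $SAMPLE_KERNEL is in the 2.6.32-2.6.34 range"
fi
```

On a live box, pipe the real listing in with `ebtables -t broute --list | check_broute eth0 eth1` and pass `"$(uname -r)"` to the kernel check.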