Re: [squid-users] Re: TPROXY

Tue, 04 Jun 2013 00:14:01 -0700 

In general tproxy works on:
Fedora(any version 10+)
Centos(5.9+)
Ubuntu(9.10+)
Gentoo(for very long time)
Debian(5+)
Slax(XX)
etc..

lots of systems works but you just don't know how to configure them...
What routing settings have you used??
take a loot at this script and change the modules exists on ubuntu:
##start
#!/bin/sh  -x
echo "loading modules requierd for the tproxy"
modprobe ip_tables
modprobe xt_tcpudp
modprobe nf_tproxy_core
modprobe xt_mark
#modprobe xt_MARK
modprobe xt_TPROXY
modprobe xt_socket
modprobe nf_conntrack_ipv4
sysctl net.netfilter.nf_conntrack_acct
sysctl net.netfilter.nf_conntrack_acct=1

echo "setting routing tables for tproxy"
ip route flush table 100
ip rule del fwmark 1 lookup 100
ip rule add fwmark 1 lookup 100
ip -f inet route add local default dev lo table 100

echo "flushing any exiting rules"
iptables -t mangle -F
iptables -t mangle -X DIVERT

echo "creating iptables rules"
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --tproxy-mark 0x1/0x1 

echo "flushing routing cache"
ip route flush cache
##end

This is a 100% working tproxy script!!.
Maybe your routing system remembers the routing cache and you need to flush it. 
In many cases this can be the reason.
Also take your time and have a look at:
http://freevideolectures.com/Course/2998/Linux-Fundamentals/19
which is a 3+ lectures on how to install squid and\or\with squidguard as transparent proxy.
I hope to put my script later on the wiki to help others understand how to make it work. 

Eliezer

On 6/3/2013 2:40 PM, alvarogp wrote:

Hi,

I have followed the same steps that in the previous case but changing the
Operating System. Tried on:

- Fedora 18
- Kernel 3.6.10
- IPtables 1.4.16
- Squid 3.3.5 with Tproxy

Unfortunately, is the same situation that when I was using Ubuntu. The users
can reach Internet only if Squid is working, but any activity is registered
in the file access.log.

Is it possible that Fedora's kernel has the same problem than Ubuntu?

Regards,

Alvaro



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/TPROXY-tp4658393p4660396.html
Sent from the Squid - Users mailing list archive at Nabble.com.

Reply via email to