Re: [squid-users] Transparent proxy (Tproxy4)

Wed, 19 Feb 2014 06:48:14 -0800 

Hey,

I did not read the whole setup so sorry but I have written this article:
http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2
in the past which is very likely to help you to understand.
first disable SELINUX then make sure with tcpdump in what level is the issue. 

Hope it Helps,
Eliezer

On 02/19/2014 02:31 PM, Jose-Marcio Martins wrote:


Hello,

I've configured a transparent proxy as TProxy4
(http://wiki.squid-cache.org/Features/Tproxy4).

But I don't see anything in squid access log.

* OS = Linux Fedora 20.

* Cache log says at start-up :

....
2014/02/19 12:23:53 kid1| Accepting WCCPv2 messages on port 2048, FD 11.
2014/02/19 12:23:53 kid1| Initialising all WCCPv2 lists
2014/02/19 12:23:53 kid1| HTCP Disabled.
2014/02/19 12:23:53 kid1| Squid plugin modules loaded: 0
2014/02/19 12:23:53 kid1| Adaptation support is off.
2014/02/19 12:23:53 kid1| Accepting HTTP Socket connections at
local=0.0.0.0:8080 remote=[::] FD 12 flags=9
2014/02/19 12:23:53 kid1| Accepting HTTP Socket connections at
local=0.0.0.0:3128 remote=[::] FD 13 flags=9
2014/02/19 12:23:53 kid1| Accepting TPROXY spoofing HTTP Socket
connections at local=0.0.0.0:3129 remote=[::] FD 14 flags=25
...

********************************

* The router is connected to the wccp port :

udp        0      0 194.214.158.189:2048    194.214.158.165:2048
ESTABLISHED

********************************

* iptables seems OK

# iptables -t mangle -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N DIVERT
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip
0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
#

********************************
* kernel routing seems OK :

# ip -s -f inet rule
0:    from all lookup local
32764:    from all fwmark 0x1 lookup 100
32765:    from all fwmark 0x1 lookup 100
32766:    from all lookup main
32767:    from all lookup default

# ip -s -f inet route
default via 194.214.158.165 dev eth0
169.254.0.0/16 dev eth0  scope link  metric 1002
194.214.158.0/24 dev eth0  proto kernel  scope link  src 194.214.158.189
#

********************************
* squid.conf :

wccp2_router                    194.214.158.165
wccp2_forwarding_method          gre
wccp2_return_method              gre
wccp2_assignment_method          hash
wccp2_service standard           0

   I shall change wccp2_service to dynamic after, but for start-up, it
   should work, I guess.

********************************
* On the router (switch/router) we have this :

ip wccp web-cache redirect-list 120

interface Vlan16
  description Vlan Users
  ip address a.b.c.d v.w.x.y
  no ip redirects
  ip wccp web-cache redirect in


access-list 120 remark le proxy SQUID bypasse la redirection
access-list 120 deny   ip host 194.214.158.207 any
access-list 120 permit tcp 192.168.16.0 0.0.0.255 any eq www
access-list 120 deny   ip any any

*********************************



What more shall I look ? There's something wrong ? Any hint ?

Thanks for your help.

























					Reply via email to