On 2014-02-25 05:09, Jose-Marcio Martins wrote:
Hello Amos,
I'm trying to configure a transparent proxy as explained on the page
you wrote :
http://wiki.squid-cache.org/Features/Tproxy4
but it doesn't work. Maybe I'm confused with some config directions I
see on other pages.
I'm running squid on a fedora 20 box with the squid which comes with
it : 3.3.11.
Squid runs fine as a cache only (on port 8080), but not as transparent
proxy on port 3129.
About the doc... you don't talk about "ip_gre" and "gre". Are these
modules still needed or they are replaced by xt_TPROXY and... ?
GRE is an interface tunnel type (like IPIP, 6to4, IPX, IPSEC, br, eth,
adsl, ...). It is used by WCCP. No particular relation to TPROXY.
GRE is likely to be built into your kernel these days. IIRC you can test
it by trying to create a gre type tunnel interface on the box. If it
works then you do not need to do anything beyond setting up the Squid
box interface to receive those WCCP packets.
Are the following enough ?
# lsmod | egrep -i "socket|tproxy|conntrack"
nf_conntrack 91283 0
xt_TPROXY 17356 1
xt_socket 13000 1
nf_defrag_ipv6 34595 2 xt_socket,xt_TPROXY
nf_defrag_ipv4 12702 2 xt_socket,xt_TPROXY
#
Worst case, follow the packets from the client machine through the
system to see where they are first "not showing up".
ie do they get caught by WCCP and sent down the GRE tunnel?
Amos
