Hi all, I just implement transparent proxy on linux box consist of; Fedora Core 4 Kernel 2.6.15 iptables 1.3.5 cttproxy-2.6.15 squid-2.6STABLE4 The kernel and iptables has been patched with the tproxy patches. This patches should be work since I saw iptable_tproxy and ipt_tproxy is loaded on kernel. After squid is start, none can browse the website and I found many Invalid Request (clientReadRequest & TCP_DENIED) on both access.log and cache.log. I just wondering does tproxy and transparent proxying work in 2.6STABLE4?? If so, is there a special setting or something I need to set? Any help would be great. Thanks, Zul Note: This configuration below is my config. ---squid compile ./configure \ --enable-epoll \ --enable-snmp \ --enable-removal-policies="heap,lru" \ --enable-storeio="aufs,coss,diskd,null,ufs" \ --enable-linux-netfilter \ --enable-linux-tproxy \ --with-pthreads \ --enable-cachemgr-hostname=localhost \ --enable-underscores \ --enable-fd-config \ --with-maxfd=16384 \ --enable-err-languages=English \ ---squid.conf http_port 3128 tproxy transparent acl john src 192.168.1.2/255.255.255.255 acl mary src 192.168.1.3/255.255.255.255 http_access allow john http_access allow mary http_access deny all http_reply_access allow all icp_access allow all miss_access allow all cache_effective_user squid cache_effective_group squid tcp_outgoing_address 192.168.1.2 john tcp_outgoing_address 192.168.1.3 mary ---kernel parameters rp_filter is disabled ip_forwarding is enabled iptable_tproxy and ipt_tproxy is loaded ---iptables rule iptables -t tproxy -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j TPROXY --on-port 3128 ---cache.log 2006/11/01 01:05:36| clientReadRequest: FD 15 (192.168.1.2:2327) Invalid Request 2006/11/01 01:05:36| clientReadRequest: FD 15 (192.168.1.2:2328) Invalid Request 2006/11/01 01:05:37| clientReadRequest: FD 15 (192.168.1.3:24163) Invalid Request 2006/11/01 01:05:42| clientReadRequest: FD 15 (192.168.1.3:24164) Invalid Request ---access.log 1162317936.603 0 192.168.1.2 TCP_DENIED/400 2512 GET error:invalid-request - NONE/- text/html 1162317936.767 0 192.168.1.2 TCP_DENIED/400 2436 POST error:invalid-request - NONE/- text/html 1162317937.452 0 192.168.1.3 TCP_DENIED/400 1875 GET error:invalid-request - NONE/- text/html 1162317942.598 0 192.168.1.3 TCP_DENIED/400 1875 GET error:invalid-request - NONE/- text/html ____________________________________________________________________________________ Low, Low, Low Rates! Check out Yahoo! Messenger's cheap PC-to-Phone call rates (http://voice.yahoo.com)
