Hello, But that is description to tproxy2, for nwe kernels >2.6.22 there are patches for tproxy-4, and tproxy-4.1. Squid ic compatible with tproxy2 only so I downloaded patches for squid 2.6-stable18 (for tproxy-4.1 from http://people.balabit.hu/panther/tproxy/). look here https://lists.balabit.hu/pipermail/tproxy/2008-February/000705.html Dnia So Marca 29 2008, 03:27, Sunin Thaveethamsavee napisał(a): > I'm follow up every step via this link > http://web.suffieldacademy.org/ils/netadmin/docs/software/squid/ and > everything that work fine. > > -----Original Message----- > From: admin@xxxxxx [mailto:admin@xxxxxx] > Sent: Saturday, March 29, 2008 4:04 AM > To: squid-users@xxxxxxxxxxxxxxx > Subject: TPROXY but without bridging? > > Hello, > > I'm using Squid Cache: Version 2.6.STABLE18 > > Is there posibility to use it as fully transprent proxy (with tproxy) but > without bridging interfaces? > > My topology: > > [router 0]---[Internet] > | > | > [===switch=======================] > | | | > [squid] [ router a ][ router b ] ..... > > to routers a,b... are connected clients. On that routers I have DNAT > --to-destiation squid:80 > > On squid machine i have 2.6.25-rc7 kernel and Squid with patches from > http://people.balabit.hu/panther/tproxy/. > > And: > iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY \ > --tproxy-mark 0x1/0x1 -on-port 3128 > iptables -t mangle -N DIVERT > iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT > iptables -t mangle -A DIVERT -j MARK --set-mark 1 > iptables -t mangle -A DIVERT -j ACCEPT > ip rule add fwmark 1 lookup 100 > ip route add local 0.0.0.0/0 dev lo table 100 > > squid.conf: > .. > http_port 3128 transparent tproxy > tcp_outgoing_address [machine ip] > .. > > When I test this configuration webservers logs connection from clients > from routers a,b... with ip of squid machine. So tproxy doesnt' work. > > Can I fix it? > > PS. It's urgent for me, please help;) > Regards, > Tomasz > > -- Tomasz Kolaj Administrator sieci ABP Computer
