dear all,
any experience using new TPROXY4.
I already compiled kernel (2.6.25.14) with tproxy4,
patch squid-2.6.18 and iptables 1.4
[root@cachebox squid2.6.stable.18]# ip rule
0: from all lookup local
32764: from all fwmark 0x1/0x1 lookup 100
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main
32767: from all lookup default
[root@cachebox squid2.6.stable.18]# ip route show table 100
local default dev lo scope host
[root@cachebox squid2.6.stable.18]# iptables -t mangle -L -xvn
Chain PREROUTING (policy ACCEPT 2462105 packets, 1395331335 bytes)
pkts bytes target prot opt in out source
destination
1474 91248 DIVERT tcp -- * * 0.0.0.0/0
0.0.0.0/0 socket
279100 37919535 TPROXY tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:80 TPROXY redirect 0.0.0.0:3128 mark
0x1/0x1
Chain INPUT (policy ACCEPT 8575 packets, 558014 bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 2884819 packets, 1455715086 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 9871 packets, 3045490 bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 2894692 packets, 1458760640 bytes)
pkts bytes target prot opt in out source
destination
Chain DIVERT (1 references)
pkts bytes target prot opt in out source
destination
1462 90432 MARK all -- * * 0.0.0.0/0
0.0.0.0/0 MARK set 0x1
1454 89968 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
[root@cachebox squid2.6.stable.18]# sbin/squid -v
Squid Cache: Version 2.6.STABLE18
configure options: '--prefix=/usr/local/squid2.6.stable.18'
'--enable-gnuregex' '--enable-carp' '--with-pthreads' '--with-aio'
'--with-dl' '--enable-delay-pools' '--enable-useragent-log'
'--enable-referer-log' '--enable-htcp' '--enable-arp-acl'
'--enable-cache-digests' '--enable-linux-netfilter'
'--enable-truncate' '--enable-underscores' '--enable-stacktraces'
'--enable-x-accelerator-vary'
'--enable-basic-auth-helpers=MSNT,NCSA,YP,getpwnam'
'--enable-external-acl-helpers=ip_user,unix_group,wbinfo_group'
'--enable-auth=basic,ntlm' '--disable-ident-lookups'
'--enable-follow-x-forwarded-for' '--enable-large-cache-files'
'--enable-async-io' '--with-maxfd=2048000' '--enable-epoll'
'--enable-snmp' '--enable-removal-policies=heap,lru'
'--enable-storeio=aufs,coss,diskd,null,ufs' '--enable-ssl'
'--with-openssl=/usr/kerberos' '--disable-dependency-tracking'
'--with-large-files'
But i check in access.log, no traffic comes
[root@cachebox squid2.6.stable.18]# squidclient mgr:active_requests
HTTP/1.0 200 OK
Server: squid/2.6.STABLE18
Date: Mon, 15 Sep 2008 03:25:38 GMT
Content-Type: text/plain
Expires: Mon, 15 Sep 2008 03:25:38 GMT
Last-Modified: Mon, 15 Sep 2008 03:25:38 GMT
X-Cache: MISS from cachebox.sldm.net
X-Cache-Lookup: MISS from cachebox.sldm.net:3128
Proxy-Connection: close
Connection: 0x97cb098
FD 43, read 70, wrote 0
FD desc: cache_object://localhost/active_requests
in: buf 0x97e3148, offset 0, size 4096
peer: 127.0.0.1:38205
me: 127.0.0.1:3128
nrequests: 1
defer: n 0, until 0
uri cache_object://localhost/active_requests
log_type TCP_MISS
out.offset 0, out.size 0
req_sz 70
entry 0x97e5500/6253C1F43059CF9CC59F0A560EBE707F
old_entry (nil)/N/A
start 1221449138.803287 (0.000000 seconds ago)
username -
delay_pool 0
[root@cachebox squid2.6.stable.18]#
in squid.conf, already defined
http_port 3128 tproxy transparent
any suggest ?
Should I downgrade the tproxy version 2 ?.
Thanks.
