Does it appear that my iptables rules are in the correct order? I see packets matching them. Possibly my problem is with the ip rule or ip route? I am using the standard ones from the wiki.

root@indianwells:~# iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DIVERT     tcp  --  anywhere             anywhere            socket
TPROXY     tcp  --  anywhere             anywhere            tcp dpt:www TPROXY redirect 128.226.100.61:3129 mark 0x1/0x1

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain DIVERT (1 references)
target     prot opt source               destination
MARK       all  --  anywhere             anywhere            MARK xset 0x1/0xffffffff
ACCEPT     all  --  anywhere             anywhere

Thanks,
--Joe

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx]
Sent: Monday, November 02, 2009 8:52 PM
To: Roth, Joe
Cc: Amos Jeffries; squid-users@xxxxxxxxxxxxxxx
Subject: RE: Squid + WCCP + TProxy

Mon 2009-11-02 at 09:23 -0500, Roth, Joe wrote:
> I compiled 3.1.0.14 with the --enable-linux-netfilter option and
> installed.

> Is there any way for me to check that squid is properly enabling the
> kernel option?

The needed kernel option is enabled by iptables, not Squid.

The compile + http_port options just tell Squid to query the kernel a little extra to get the actual address info. The actual intercept will work even without any of that, just that the result may not be entirely the expected.

Regards
Henrik
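
The three pieces asked about above (mangle rule order, ip rule, ip route) can be checked against each other offline. The script below is an added example, not part of either message or of the Squid wiki. The function names are hypothetical, and the `ip rule` / `ip route` text and table number 100 are constructed samples, since the thread does not show them.

```shell
#!/bin/sh
# Added example: offline consistency check of a TPROXY setup.
# Inputs are the text of `iptables -t mangle -L PREROUTING`, `ip rule show`
# and `ip route show table N`. All three samples below are constructed; the
# mangle text mirrors the listing in the message, the rest is assumed.
MANGLE='Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DIVERT     tcp  --  anywhere             anywhere            socket
TPROXY     tcp  --  anywhere             anywhere            tcp dpt:www TPROXY redirect 128.226.100.61:3129 mark 0x1/0x1'
RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main'
ROUTES='local default dev lo scope host'

# Position (1-based) of the first rule whose target is $2 in listing $1.
rule_pos() { printf '%s\n' "$1" | awk -v t="$2" 'NR > 2 && $1 == t { print NR - 2; exit }'; }

# The socket-match DIVERT rule has to be evaluated before the TPROXY rule.
check_order() {
  d=$(rule_pos "$1" DIVERT); p=$(rule_pos "$1" TPROXY)
  [ -n "$d" ] && [ -n "$p" ] && [ "$d" -lt "$p" ]
}

# Mark value applied by the TPROXY rule ("mark 0x1/0x1" -> 0x1).
tproxy_mark() { printf '%s\n' "$1" | sed -n 's|^TPROXY .* mark \(0x[0-9a-f]*\)/.*|\1|p' | head -n 1; }

# Routing table selected by the ip rule that matches fwmark $1 in rules $2.
fwmark_table() {
  printf '%s\n' "$2" | awk -v m="$1" '{
    for (i = 1; i < NF; i++) if ($i == "fwmark") {
      split($(i + 1), a, "/")
      if (a[1] == m) for (j = i; j < NF; j++) if ($j == "lookup") { print $(j + 1); exit }
    } }'
}

# Chain the checks: rule order, mark -> ip rule, table -> local route on lo.
check_tproxy() {
  check_order "$1" || { echo "FAIL: DIVERT must precede TPROXY"; return 1; }
  m=$(tproxy_mark "$1"); [ -n "$m" ] || { echo "FAIL: no TPROXY mark"; return 1; }
  t=$(fwmark_table "$m" "$2"); [ -n "$t" ] || { echo "FAIL: no ip rule for fwmark $m"; return 1; }
  printf '%s\n' "$3" | grep -q '^local default dev lo' ||
    { echo "FAIL: table $t has no local default route on lo"; return 1; }
  echo "OK: mark $m -> table $t -> local delivery via lo"
}

check_tproxy "$MANGLE" "$RULES" "$ROUTES" || true
```

On a live system the same function can be given the real command output as its three arguments, with the table number taken from whatever the fwmark rule points at.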