John Lauro wrote:
Hello,
Can someone post a working configuration (full iptables and ebtables) of
squid in transparent bridge mode along with the kernel version that is known
to work. Someone working on the kernel seems to be changing things (to add
security?) and it broke transparency with 2.6.32.*.
I was able to get it configured with squid being a router in kernel
2.6.31.12. However, kernel 2.6.32.5 is broken with identical configuration.
Just plain bridging works without squid, but once I try to intercept a
connection over two shared bridge ports, I can't get the connection to
establish from client to squid box. I don't know if my problem is with my
setup, or my kernel is too new for the examples I found.
Thank you.

The one that _should_ be working is this:
# Hand port-80 traffic in both directions from the bridge to the routing layer
ebtables -t broute -A BROUTING -i $CLIENT_IFACE -p ipv4 --ip-proto tcp \
  --ip-dport 80 -j redirect --redirect-target DROP
ebtables -t broute -A BROUTING -i $INET_IFACE -p ipv4 --ip-proto tcp \
  --ip-sport 80 -j redirect --redirect-target DROP

# Set every bridge sysctl to 0
cd /proc/sys/net/bridge/
for i in *
do
  echo 0 > "$i"
done
unset i
NP: DROP because its processing level is being 'dropped' out of ebtables
into the iptables routing levels.
That config came from the netfilter kernel experts themselves. If it is
not working it's a kernel bug, please mention it to the netfilter people
in charge of that piece of the kernel.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21
Current Beta Squid 3.1.0.15
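
An added example, not part of the original thread: a read-only audit of the bridge sysctls that the loop in the reply sets to 0, useful after a kernel upgrade or reboot, since values under /proc do not persist. The function name check_bridge_sysctls and the variable BRIDGE_SYSCTL_DIR are names chosen for this example.

```shell
#!/bin/sh
# Added example: report any entry under /proc/sys/net/bridge that is not 0.
# BRIDGE_SYSCTL_DIR and check_bridge_sysctls are hypothetical names for this
# sketch; the directory can be overridden to audit a copy or a test fixture.
BRIDGE_SYSCTL_DIR=${BRIDGE_SYSCTL_DIR:-/proc/sys/net/bridge}

# Prints "name=value" for every entry whose value is not 0.
# Returns 0 if all entries are 0, 1 if any entry differs or is unreadable,
# and 2 if the directory is missing or empty (bridge module not loaded).
check_bridge_sysctls() {
    _dir=${1:-$BRIDGE_SYSCTL_DIR}
    if [ ! -d "$_dir" ]; then
        echo "missing: $_dir (bridge module not loaded?)" >&2
        return 2
    fi
    _rc=0
    _seen=0
    for _f in "$_dir"/*; do
        [ -f "$_f" ] || continue
        _seen=1
        if ! _val=$(cat "$_f" 2>/dev/null); then
            echo "unreadable: ${_f##*/}"
            _rc=1
            continue
        fi
        if [ "$_val" != "0" ]; then
            echo "${_f##*/}=$_val"
            _rc=1
        fi
    done
    if [ "$_seen" -ne 1 ]; then
        echo "no entries in $_dir" >&2
        return 2
    fi
    return $_rc
}

# Usage: check_bridge_sysctls || echo "bridge sysctls need attention"
```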