That is basically what I tried. Is there a kernel version it's known to work with? It's easy enough to test with a new version (besides the time of compiling). I would like to have a working configuration so I can report what kernel version broke it if it is indeed a bug. I think they are already aware that 2.6.32 broke basic tproxy, but maybe bridging with tproxy broke sooner.

> -----Original Message-----
> From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
> Sent: Sunday, January 24, 2010 11:31 PM
> To: squid-users@xxxxxxxxxxxxxxx
> Subject: Re: Working transparent bridge config with recent kernel?
>
> John Lauro wrote:
> > Hello,
> >
> > Can someone post a working configuration (full iptables and ebtables) of
> > squid in transparent bridge mode along with the kernel version that is known
> > to work. Someone working on the kernel seems to be changing things (to add
> > security?) and it broke transparency with 2.6.32.*.
> >
> > I was able to get it configured with squid being a router in kernel
> > 2.6.31.12. However, kernel 2.6.32.5 is broken with identical configuration.
> >
> > Just plain bridging works without squid, but once I try to intercept a
> > connection over two shared bridge ports, I can't get the connection to
> > establish from client to squid box. I don't know if my problem is with my
> > setup, or my kernel is too new for the examples I found.
> >
> > Thank you.
> >
>
> The one that _should_ be working is this:
>
> ebtables -t broute -A BROUTING -i $CLIENT_IFACE -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
>
> ebtables -t broute -A BROUTING -i $INET_IFACE -p ipv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP
>
> cd /proc/sys/net/bridge/
> for i in *
> do
>    echo 0 > "$i"
> done
> unset i
>
> NP: DROP because its processing level is being 'dropped' out of ebtables
> into the iptables routing levels.
>
> That config came from the netfilter kernel experts themselves. If it is
> not working it's a kernel bug, please mention it to the netfilter people
> in charge of that piece of the kernel.
>
> Amos
> --
> Please be using
>   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21
>   Current Beta Squid 3.1.0.15
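
Before reporting a kernel regression it helps to confirm that both preconditions from the quoted config are actually in place on the test box. The script below is an added example, not part of the original thread: the function names are hypothetical, and the rule check assumes the listing printed by `ebtables -t broute -L BROUTING` shows each rule with the same option spelling used in the commands above.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print every switch under DIR (default /proc/sys/net/bridge) whose value
# is not 0. Returns 0 if all are 0, 1 if any is nonzero or unreadable,
# 2 if DIR does not exist (bridge netfilter code not available).
bridge_nf_nonzero() {
    dir=${1:-/proc/sys/net/bridge}
    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 2; }
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        val=$(cat "$f" 2>/dev/null) || { echo "${f##*/}=unreadable"; rc=1; continue; }
        [ "$val" = "0" ] || { echo "${f##*/}=$val"; rc=1; }
    done
    return $rc
}

# Read a BROUTING listing on stdin and check that both port-80 redirects
# exist: --ip-dport 80 (client side) and --ip-sport 80 (internet side),
# each with --redirect-target DROP. Assumed listing format, see lead-in.
broute_has_redirects() {
    listing=$(cat)
    for match in "--ip-dport 80" "--ip-sport 80"; do
        # "( |$)" stops port 80 from matching 8080 and similar.
        printf '%s\n' "$listing" |
            grep -E -e "$match( |\$)" |
            grep -q -e "--redirect-target DROP" ||
            { echo "missing redirect for $match" >&2; return 1; }
    done
}

# Typical use on the bridge, as root:
#   bridge_nf_nonzero && ebtables -t broute -L BROUTING | broute_has_redirects
```

Recording the output of both checks alongside the kernel version gives the netfilter maintainers a reproducible starting point for a bug report.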