mhariri wrote:
Hi, I have the same problem with squid 3.1.0.15 / tproxy 4.1 / iptables v1.4.5 / kernel 2.6.31.5 the access.log shows no squid activity and with routing rules mentioned in TPROXY4 wiki: ip rule add fwmark 0x1 lookup 100 ip route add local 0.0.0.0/0 dev lo table 100 i always get connection reset in the browser. without these routing rules it seems to be working but there is no cache activity and it seems that the clients are simply forwarded without going through the cache. the iptables rules are only those mentioned in the wiki and the ip_forward is set to 1. i've also enabled nonelocal ip binding in the kernel. i checked to ensure that the squid port for tproxy is actually used and the answer is positive because changing the port or stopping squid causes error in the browser! the result of dmesg shows NF_TPROXY is correctly initialized: NF_TPROXY: Transparent proxy support initialized, version 4.1.0 NF_TPROXY: Copyright (c) 2006-2007 BalaBit IT Ltd. the instructions i used are exactly from the TPROXY4 wiki @ balabit.hu and i've checked that many times to ensure that the procedure i've taken is correct.
Does Squid with the -X option during startup log a message (to screen or cache.log) about IPv6 and disabling TPROXY?
Someone just came in with at trace from 3.1.0.16 showing that something weird is going on since 3.1.0.14 added TPROXY IPv6 support.
Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE23 Current Beta Squid 3.1.0.16