Hello! Tproxy works in strange way on my Debian Squeeze Machine Everything was made using this manual http://wiki.squid-cache.org/Features/Tproxy4 but all I see in access.log MISS/000 and MISS/503. Intenet doesn't work in proper way. Info about my server: root@proxy:~# uname -a Linux proxy 2.6.30-2-686 #1 SMP Fri Dec 4 00:53:20 UTC 2009 i686 GNU/Linux squid was installed from repository root@proxy:~# squid3 -v Squid Cache: Version 3.1.6 configure options: '--build=i486-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--srcdir=.' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--with-cppunit-basedir=/usr' '--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth=basic,digest,ntlm,negotiate' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM' '--enable-ntlm-auth-helpers=smb_lm,' '--enable-digest-auth-helpers=ldap,password' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group' '--enable-arp-acl' '--enable-esi' '--disable-translation' '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-linux-netfilter' 'build_alias=i486-linux-gnu' 'CFLAGS=-g -O2 -g -Wall -O2' 'LDFLAGS=' 'CPPFLAGS=' 'CXXFLAGS=-g -O2 -g -Wall -O2' --with-squid=/home/luigi/debian/squid3/build-area/squid3-3.1.6 config was modifified by adding (): http_port 3129 tproxy acl localnet src 192.168.1.0/24 http_access allow localnet root@proxy:~# aptitude show libcap2 libcap-dev Package: libcap2 State: installed Automatically installed: no Version: 1:2.19-3 Priority: standard Section: libs Maintainer: Torsten Werner <twerner@xxxxxxxxxx> Uncompressed Size: 69.6k Depends: libattr1 (>= 2.4.41-1), libc6 (>= 2.3) Description: support for getting/setting POSIX.1e capabilities This library implements the user-space interfaces to the POSIX 1003.1e capabilities available in Linux kernels. These capabilities are a partitioning of the all powerful root privilege into a set of distinct privileges. Homepage: http://sites.google.com/site/fullycapable/ Package: libcap-dev State: installed Automatically installed: no Version: 1:2.19-3 Priority: optional Section: libdevel Maintainer: Torsten Werner <twerner@xxxxxxxxxx> Uncompressed Size: 111k Depends: libcap2 (= 1:2.19-3) Suggests: manpages-dev Conflicts: libcap2-dev Replaces: libcap2-dev Provides: libcap2-dev Description: development libraries and header files for libcap2 Contains the necessary support for building applications that use capabilities. Homepage: http://sites.google.com/site/fullycapable/ root@proxy:~# iptables -t mangle -L Chain PREROUTING (policy ACCEPT) target prot opt source destination prevent_tproxy_loop tcp -- anywhere anywhere socket TPROXY tcp -- anywhere anywhere tcp dpt:www TPROXY redirect 0.0.0.0:3129 mark 0x1/0x1 Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination Chain prevent_tproxy_loop (1 references) target prot opt source destination MARK all -- anywhere anywhere MARK set 0x1 ACCEPT all -- anywhere anywhere What can I do in this situation?
