Hi List,

I'll try to understand what's not working in my setup. I'm trying to configure tproxy on a LAN but I cannot get it working. I'll try to explain better.

My setup is summarized in the following scheme:

    LAN --> TPROXY + BRIDGE + SQUID --> Default gateway

I'm working on Ubuntu 9.10 with Squid 3.1. Squid and tproxy are correctly configured because I can read "Accepting spoofing http connections at ..." in cache.log. The configuration I set up is described at the page http://wiki.squid-cache.org/Features/Tproxy4.

This is the script I use to configure everything:

    CLIENT_IFACE=eth0
    INET_IFACE=eth1

    # Bring both interfaces up without addresses and join them in bridge br0
    ifconfig $CLIENT_IFACE down
    ifconfig $INET_IFACE down
    ifconfig $CLIENT_IFACE 0.0.0.0 up
    ifconfig $INET_IFACE 0.0.0.0 up
    brctl addbr br0
    brctl addif br0 $CLIENT_IFACE
    brctl addif br0 $INET_IFACE
    brctl stp br0 off
    dhclient br0

    # Policy routing: packets carrying fwmark 1 are delivered locally via table 100
    ip rule add fwmark 1 lookup 100
    ip route add local 0.0.0.0/0 dev lo table 100
    echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
    echo 1 > /proc/sys/net/ipv4/ip_forward

    # Mark packets of existing sockets, send new port 80 connections to Squid on 3129
    iptables -t mangle -N DIVERT
    iptables -t mangle -A DIVERT -j MARK --set-mark 1
    iptables -t mangle -A DIVERT -j ACCEPT
    iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
    iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129

    # Pull port 80 traffic out of the bridge so that it is routed instead
    ebtables -t broute -A BROUTING -i $CLIENT_IFACE -p IPv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
    ebtables -t broute -A BROUTING -i $INET_IFACE -p IPv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP

    # Write 0 to every entry under /proc/sys/net/bridge/
    cd /proc/sys/net/bridge/
    for i in *
    do
        echo 0 > $i
    done
    unset i

With this configuration TPROXY doesn't work. I can see the packet count increase for the TPROXY target in iptables -L, but nothing appears in access.log and every HTTP request from clients times out. This configuration works when I change --redirect-target DROP to --redirect-target ACCEPT, but in this case I can observe a duplication of traffic on port 80 when inspecting my gateway traffic flow.

I'm really grateful to anyone who can help me.