tproxy


Would it be possible to run tproxy on a single ethernet, with the gateway, squid box and clients on the same subnet (squid box as gateway)? I'm trying to run tproxy in a lab on Ubuntu 10.04, and I don't know what else is missing/wrong. The squid box as gateway works fine without tproxy.
These private IPs would be replaced with public IPs in production.

The squid box runs as a gateway on a single ethernet.
squidbox:
gateway 192.168.0.254
ip 192.168.0.123

client:
gateway 192.168.0.123
ip 192.168.0.197

root@ubuntu:~# uname -r
2.6.32-25-generic-pae

cat /boot/config-`uname -r` | grep -E '(NF_CONNTRACK=|TPROXY|XT_MATCH_SOCKET|XT_TARGET_TPROXY)'
CONFIG_NF_CONNTRACK=m
CONFIG_NETFILTER_TPROXY=m
CONFIG_NETFILTER_XT_TARGET_TPROXY=m
CONFIG_NETFILTER_XT_MATCH_SOCKET=m

iptables v1.4.4

libcap-dev 1:2.17-2ubuntu1
libcap2 1:2.17-2ubuntu1

sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.lo.rp_filter=0

/tproxy script:
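{{{
#!/bin/sh
# Remove the policy-routing rule and route left over from a previous run
ip rule del fwmark 1 lookup 100
ip route del local 0.0.0.0/0 dev lo table 100
# Flush the filter, mangle and nat tables
iptables -F
iptables -F -t mangle
iptables -F -t nat

# DIVERT chain: mark the packet with fwmark 1 and accept it
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT

# TCP packets that match an existing local socket go to DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
# Remaining TCP port 80 traffic is marked and handed to the proxy port 3129
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129

# Packets carrying fwmark 1 use table 100, which delivers everything locally via lo
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
}}}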

root@ubuntu:~# squid -v
Squid Cache: Version 3.1.9
configure options: '--prefix=/usr' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid' '--srcdir=.' '--datadir=${prefix}/share/squid' '--sysconfdir=/etc/squid' '--enable-async-io' '--with-pthreads' '--enable-storeio=aufs' '--enable-epoll' '--enable-removal-policies=lru,heap' '--enable-snmp' '--enable-linux-netfilter' '--with-large-files' --with-squid=/root/squid-3.1.9

squid.conf has
http_port 3129 tproxy



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
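
The prerequisites listed in the message above (kernel options, policy routing, order of the mangle rules), as an added example that is not part of the original post: a shell pre-flight check that reads the output of `ip rule show`, `ip route show table 100` and `iptables-save -t mangle` on stdin. The function names are hypothetical and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Each check reads saved command
# output on stdin, so the script runs offline on the constructed samples below.

# stdin: kernel config. Prints every required option not set to y or m.
missing_kernel_opts() {
    cfg=$(cat)
    for opt in CONFIG_NF_CONNTRACK CONFIG_NETFILTER_TPROXY \
               CONFIG_NETFILTER_XT_TARGET_TPROXY CONFIG_NETFILTER_XT_MATCH_SOCKET
    do
        printf '%s\n' "$cfg" | grep -Eq "^${opt}=[ym]\$" || echo "$opt"
    done
}

# stdin: `ip rule show`. Succeeds if fwmark 1 is looked up in table 100.
has_fwmark_rule() { grep -Eq 'fwmark 0x1(/0x1)? lookup 100([[:space:]]|$)'; }

# stdin: `ip route show table 100`. Succeeds if all traffic is local via lo.
has_local_route() { grep -Eq '^local default dev lo([[:space:]]|$)'; }

# stdin: `iptables-save -t mangle`. Succeeds only if the socket-match DIVERT
# rule precedes the TPROXY rule in PREROUTING, as in the posted script.
divert_before_tproxy() {
    awk '/^-A PREROUTING/ && /-m socket/ && /-j DIVERT/ { if (!d) d = NR }
         /^-A PREROUTING/ && /-j TPROXY/               { if (!t) t = NR }
         END { exit !(d && t && d < t) }'
}

# Constructed samples shaped like the real command output.
SAMPLE_CONFIG='CONFIG_NF_CONNTRACK=m
CONFIG_NETFILTER_TPROXY=m
CONFIG_NETFILTER_XT_TARGET_TPROXY=m
CONFIG_NETFILTER_XT_MATCH_SOCKET=m'
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main'
SAMPLE_ROUTE='local default dev lo scope host'
SAMPLE_MANGLE='-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT'

report() { if "$@"; then echo "ok   $1"; else echo "FAIL $1"; fi; }
missing=$(printf '%s\n' "$SAMPLE_CONFIG" | missing_kernel_opts)
echo "missing kernel options: ${missing:-none}"
printf '%s\n' "$SAMPLE_RULES"  | report has_fwmark_rule
printf '%s\n' "$SAMPLE_ROUTE"  | report has_local_route
printf '%s\n' "$SAMPLE_MANGLE" | report divert_before_tproxy
```

On a live box, pipe the real command output into the same functions, for example `ip rule show | has_fwmark_rule`.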


