
Re: Help! one more time on on Squid3.HEAD(20110307), TPROXY4 and Iptables 1.4.9 + ebtables


 



On 15/03/11 20:22, Jim Binder wrote:
Trying this one more time to see if anyone might know what's wrong in getting my transparent bridging with squid to work.
Config...  pings work through the box (the bridge is working however; the 3129 socket never pops with an HTTP request)

Admin on Eth1, Internet on eth0 and Inside (client) interface on eth2. Br0 used as the bridge.

Running Fedora core 14 (but went back as far as 12 and couldn't get it to work)

Squid Cache: Version 3.HEAD-20110307
configure options:  '--enable-ecap' '--enable-icap-client' '--enable-linux-netfilter' --enable-ltdl-convenience

iptables-1.4.9-1.fc14.i686
kernel-2.6.35.11-83.fc14.i686
ebtables-2.0.9-5.fc13.i686

Went as far as to turn on dynamic debug logging and I don't see what's wrong but the connect never seems to get made to the 3129 socket.

[  214.914113] TRACE: mangle:PREROUTING:rule:2 IN=eth2 OUT= MAC=00:40:f4:cd:01:70:00:50:56:36:df:78:08:00 SRC=192.168.1.91 DST=192.168.1.88 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3380 DF PROTO=TCP SPT=48255 DPT=80 SEQ=1363486620 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A02522AA80000000001030306)
[  214.914155] xt_TPROXY: redirecting: proto 6 c0a80158:80 ->  00000000:3129, mark: 1
[  217.920783] TRACE: raw:PREROUTING:policy:3 IN=eth2 OUT= MAC=00:40:f4:cd:01:70:00:50:56:36:df:78:08:00 SRC=192.168.1.91 DST=192.168.1.88 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3381 DF PROTO=TCP SPT=48255 DPT=80 SEQ=1363486620 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A025236680000000001030306)
[  217.920846] TRACE: mangle:PREROUTING:rule:2 IN=eth2 OUT= MAC=00:40:f4:cd:01:70:00:50:56:36:df:78:08:00 SRC=192.168.1.91 DST=192.168.1.88 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3381 DF PROTO=TCP SPT=48255 DPT=80 SEQ=1363486620 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A025236680000000001030306)
[  217.920891] xt_TPROXY: redirecting: proto 6 c0a80158:80 ->  00000000:3129, mark: 1
<snip>
[root@fw01 ~]#
[root@fw01 ~]# ip route list table all
local default dev lo  table 100  scope host

Tried with "table 100" created on eth0 and eth2 ?

That seems to be needed recently.

Everything else looks okay to me. Down to the packets hitting the TPROXY and DIVERT rules.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.11
  Beta testers wanted for 3.2.0.5
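
Added example, not part of the original thread and not Squid or kernel code: a small Python reader for the two kinds of kernel log line quoted above. It decodes the hex addresses in the xt_TPROXY debug line and flags SYNs that reappear with the same sequence number, which is what the trace shows (the rule fires, but the client keeps retransmitting). The sample is constructed by shortening the quoted lines; the function names are hypothetical, and treating the mark as hex is an assumption.

```python
import re
from collections import defaultdict
from ipaddress import IPv4Address

# Constructed sample: the log lines quoted in the thread, with MAC/TOS/OPT fields trimmed.
SAMPLE = """\
[  214.914113] TRACE: mangle:PREROUTING:rule:2 IN=eth2 OUT= SRC=192.168.1.91 DST=192.168.1.88 LEN=60 ID=3380 DF PROTO=TCP SPT=48255 DPT=80 SEQ=1363486620 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0
[  214.914155] xt_TPROXY: redirecting: proto 6 c0a80158:80 ->  00000000:3129, mark: 1
[  217.920783] TRACE: raw:PREROUTING:policy:3 IN=eth2 OUT= SRC=192.168.1.91 DST=192.168.1.88 LEN=60 ID=3381 DF PROTO=TCP SPT=48255 DPT=80 SEQ=1363486620 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0
[  217.920846] TRACE: mangle:PREROUTING:rule:2 IN=eth2 OUT= SRC=192.168.1.91 DST=192.168.1.88 LEN=60 ID=3381 DF PROTO=TCP SPT=48255 DPT=80 SEQ=1363486620 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0
[  217.920891] xt_TPROXY: redirecting: proto 6 c0a80158:80 ->  00000000:3129, mark: 1
"""

TRACE_RE = re.compile(
    r"\[\s*(?P<ts>[\d.]+)\] TRACE: (?P<hook>\S+) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+)"
    r".*?SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+) SEQ=(?P<seq>\d+).*? SYN ")
TPROXY_RE = re.compile(
    r"xt_TPROXY: redirecting: proto (\d+) ([0-9a-f]{8}):(\d+) ->\s+([0-9a-f]{8}):(\d+), mark: ([0-9a-f]+)")

def decode_tproxy(line):
    """Decode one xt_TPROXY debug line, or return None if the line is something else."""
    m = TPROXY_RE.search(line)
    if not m:
        return None
    proto, dst, dport, laddr, lport, mark = m.groups()
    # The 8 hex digits are an IPv4 address: c0a80158 is 192.168.1.88, the DST of the traced SYN.
    return {"proto": int(proto),
            "orig_dst": f"{IPv4Address(int(dst, 16))}:{dport}",
            "listener": f"{IPv4Address(int(laddr, 16))}:{lport}",
            "mark": int(mark, 16)}  # assumption: the mark is printed in hex

def redirects(log):
    """All decoded xt_TPROXY redirects in the log, in order."""
    return [d for d in map(decode_tproxy, log.splitlines()) if d]

def unanswered_syns(log, hook="mangle:PREROUTING"):
    """Map (src, sport, dst, dport, seq) -> timestamps for SYNs seen more than once.

    Only one hook is counted, because TRACE logs the same packet at every
    table it crosses. A repeated SEQ is a retransmit: no SYN/ACK reached the client.
    """
    seen = defaultdict(list)
    for line in log.splitlines():
        m = TRACE_RE.search(line)
        if m and m["hook"].startswith(hook):
            flow = (m["src"], int(m["spt"]), m["dst"], int(m["dpt"]), int(m["seq"]))
            seen[flow].append(float(m["ts"]))
    return {flow: ts for flow, ts in seen.items() if len(ts) > 1}
```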

