On 06/06/11 06:32, Ali Majdzadeh wrote:
Hello All,
I have setup the following configuration:
Squid (3.1.12) (--enable-linux-netfilter passed as the one and only
configure option)
Kernel (2.6.38.3)
iptables (1.4.11)
I have added the following two directives in squid.conf:
http_port 3128
http_port 3129 tproxy
Also, I have configured iptables with the following rules:
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY
--tproxy-mark 0x1/0x1 --on-port 3129
Everything work as expected, I mean, the users can surf the web and
the proxy server is transparent. The problem is that actually there is
no caching. I mean, both cache.log and access.log files are empty. On
That would be transparency to the point of not going through the proxy.
access.log should have entries for each request.
the other hand, if I manually set the proxy configuration in clients'
browsers (the IP address of the squid server and port number 3128)
everything is OK; the log files are incremented and objects are
cached.
Have anyone faced the same issue?
Some. Its usually boiled down to missing out some details omitted.
building against libcap2 or routing packets to the squid box for example.
Are the packet counters on that -j TPROXY rule showing captures?
Did you follow the rest of the feature config?
ie the special sub-routing table? OS packet filtering toggles? selinux
updated to allow tproxy?
Is this box even routing or bridging port 80 traffic for the network?
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.12
Beta testers wanted for 3.2.0.8 and 3.1.12.2
