Search squid archive

squid tproxy problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I configured squid for tproxy feature in my network with bridge mode.

I follow http://wiki.squid-cache.org/Features/Tproxy4

But I m not getting requests in access.log of squid.

My configuration:

cat /etc/squid/squid.conf

#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl localhost src ::1/128
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl to_localhost dst ::1/128

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed

acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT
acl mynetwork src '/etc/squid/mynetwork'
acl cache_deny dst '/etc/squid/deny1'


cache deny cache_deny
#
cache_mem 1024 MB


# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow mynetwork
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128
http_port 3129 tproxy

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
cache_dir aufs /cache/squid 25600 32 512

# Leave coredumps in the first cache dir
coredump_dir /cache/squid
httpd_suppress_version_string on

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern .        0    20%    4320

ip rule list
0:    from all lookup local
32765:    from all fwmark 0x1 lookup 100
32766:    from all lookup main
32767:    from all lookup default

iptables -L -nvx -t mangle
Chain PREROUTING (policy ACCEPT 959157 packets, 79545939 bytes)
    pkts      bytes target     prot opt in     out     source
     destination
   10993   689414 DIVERT     tcp  --  *      *       0.0.0.0/0
   0.0.0.0/0           socket
   16765  1000259 TPROXY     tcp  --  *      *       0.0.0.0/0
   0.0.0.0/0           tcp dpt:80 TPROXY redirect 0.0.0.0:3129 mark
0x1/0x1

Chain INPUT (policy ACCEPT 15122 packets, 1149717 bytes)
    pkts      bytes target     prot opt in     out     source
     destination

Chain FORWARD (policy ACCEPT 959996 packets, 79295677 bytes)
    pkts      bytes target     prot opt in     out     source
     destination

Chain OUTPUT (policy ACCEPT 28272 packets, 10090599 bytes)
    pkts      bytes target     prot opt in     out     source
     destination

Chain POSTROUTING (policy ACCEPT 988265 packets, 89386044 bytes)
    pkts      bytes target     prot opt in     out     source
     destination

Chain DIVERT (1 references)
    pkts      bytes target     prot opt in     out     source
     destination
   10993   689414 MARK       all  --  *      *       0.0.0.0/0
   0.0.0.0/0           MARK set 0x1
   10993   689414 ACCEPT     all  --  *      *       0.0.0.0/0
   0.0.0.0/0


ebtables -t broute --list
Bridge table: broute

Bridge chain: BROUTING, entries: 2, policy: ACCEPT
-p IPv4 -i eth0 --ip-proto tcp --ip-dport 80 -j redirect
-p IPv4 -i eth1 --ip-proto tcp --ip-sport 80 -j redirect

OS CENTOS 6 64 bit
squid : 3.1.4
KERNEL : 2.6.32-71.29.1.el6.x86_64


Please guide me.

Thanks,
Benjamin


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux