What kernel/iptables/distro are you using? I am getting this exact same problem and I copied the iptables rules from my working TPROXY/SQUID setup and the only difference was the kernel and iptables version. I think there is some TPROXY breakage somewhere in the later kernels, and/or iptables, and/or squid. I have been testing this with RHEL v6 kernel and iptables rpms with squid 3.1.14. I know the problem is somewhere with iptables/kernel because a packet sniffer shows something odd with the outgoing traffic from the squid software to the origin web servers. Nicholas -----Original Message----- From: User User [mailto:netwotkstudent@xxxxxxxxx] Sent: Saturday, August 20, 2011 10:16 AM To: squid-users@xxxxxxxxxxxxxxx Subject: Tproxy time Hi, I have a linux box which I installed Squid. I used steps from wiki links (http://wiki.squid-cache.org/Features/Tproxy4) to compile kernel , iptables ,... The box working normal on 3128 when I set manual proxy on client , but for tproxy tranparnet mode I am getting timeout on client after some minutes. I am routing traffic from client to this box and try to catch the but iptables (tproxy).I am seeing requests on access log too. http_port 3128 http_port 3129 tproxy ip rule add fwmark 1 lookup 100 ip -f inet route add local 0.0.0.0/0 dev eth0 table 100 iptables -t mangle -N DIVERT iptables -t mangle -A DIVERT -j MARK --set-mark 1 iptables -t mangle -A DIVERT -j ACCEPT iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129 thanks for your help.
