squid 3.1.15 + TProxy 4 + time out

Tux Mason <tuxmason@xxxxxxxxx> · Tue, 20 Sep 2011 13:42:38 +0300

Hello,

I need help to get TProxy working.

When I set my browser to use the troxy port, netstat output shows
SYN_SENT for a while and the connection times out.

When I set my browser to use the transparent port, content is fetched
by the cache and the content is displayed in the browser

I have configured my routing as follows,

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ip rule add fwmark 1 lookup 100
ip -f inet route add local 0.0.0.0/0 dev eth0 table 100

iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT

iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT

iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 80 -j TPROXY
--tproxy-mark 0x1/0x1 --on-ip <SQUID_BOX_PUBLIC_IP> --on-port 3129
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

---------- squid.conf excerpt
------------------------------------------------------------------------------------------------------------------------------------------------
http_port <SQUID_BOX_PUBLIC_IP>:3128 intercept
http_port <SQUID_BOX_PUBLIC_IP>:3129 tproxy
...
acl public src <CLIENT_NETWORK> # public IPs
acl localhost src 127.0.0.0/24
acl localnet src 192.168.2.0/24
acl localnet src 192.168.3.0/24
acl localnet src 10.10.10.0/24
...
http_access allow public
http_access allow localnet
http_access allow localhost
http_access deny all
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Distro: Slackware 13.37 x86_64
Kernel: linux-3.0.4 ( tried 2.6.37 and 2.6.30 - connections time out)
Squid version: 3.1.15 ( tried 3.1.12 - connections also time out)

Any help will be greatly appreciated.

Kind regards,

Daniel