Amos Jeffries-2 wrote
> On 28/05/2013 8:11 p.m., Amm wrote:
>> ________________________________
>>> From: alvarogp <alvarix.gp@>
>>> To: squid-users@
>>> Sent: Tuesday, 28 May 2013 1:28 PM
>>> Subject: Re: TPROXY
>>>
>>>
>>> alvarogp wrote
>>>> Hello,
>>>>
>>>> I have the next configuration:
>>>> - Ubuntu 12.04 with 2 interfaces eth0 (local) and eth1 (internet access)
>>>> - IPtables 1.4.12
>>>> - Squid 3.3.4 with Tproxy
>>>>
>>>> With Iptables I have configured the proxy to forward the traffic from
>>>> the local LAN (eth0) to the outside world (eth1). The configuration is:
>>>>
>>>> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
>>>> iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
>>>> iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
>>>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>>>
>>>> To configure and install Tproxy I have followed the tutorial described
>>>> in the wiki:
>>>>
>>>> ./configure --enable-linux-netfilter
>>>>
>>>> net.ipv4.ip_forward = 1
>>>> net.ipv4.conf.default.rp_filter = 0
>>>> net.ipv4.conf.all.rp_filter = 0
>>>> net.ipv4.conf.eth0.rp_filter = 0
>>>>
>>>> iptables -t mangle -N DIVERT
>>>> iptables -t mangle -A DIVERT -j MARK --set-mark 1
>>>> iptables -t mangle -A DIVERT -j ACCEPT
>>>> iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
>>>> iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
>>>>
>>>> For squid.conf, I have maintained the configuration by default, adding
>>>> to it:
>>>>
>>>> http_port 3128
>>>> http_port 3129 tproxy
>>>>
>>>> If Squid is running, the packets from the local LAN are routed
>>>> correctly and the web pages are shown perfectly. The problem I have is
>>>> that these accesses are not reflected in the access.log and cache.log,
>>>> so could it be possible that Squid is not caching any cacheable content?
>> I have had the exact same problem when I was trying TPROXY with a similar
>> configuration.
>>
>> Squid would route packets but not LOG anything in the access log.
>>
>> If I stop Squid then clients can't access any website. (This indicates
>> that packets are indeed routing through Squid.)
>
> access.log would indicate that none of them are actually making it to
> the Squid process.
>
> Perhaps the Ubuntu kernel version has a bug which makes the packets
> work when *some* process is listening on the required port, but the
> packets are actually not getting there.
>
> Or perhaps TCP packets are sending the HTTP request through Squid and
> Squid is relaying it, but the response is not going back to Squid (direct
> back to client). In that event Squid would wait for some time (read/write
> timeouts are 15 minutes long) before logging the failed HTTP
> transaction. That could be caused by some bad configuration on a router
> outside of the Squid machine.
>
> Amos

Thank you Amos, I will try with another configuration in that case.

Alvaro
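
Added example (not part of the thread and not Squid project code): one way to test whether the mangle rules quoted above are matching any traffic is to read the per-rule packet counters from `iptables-save -c -t mangle`. The dump below is constructed, and `parse_rules`, `has` and `audit` are hypothetical helper names.

```python
import re

# Constructed `iptables-save -c -t mangle` dump (not taken from the thread).
SAMPLE = """\
*mangle
:PREROUTING ACCEPT [1200:96000]
:DIVERT - [0:0]
[0:0] -A PREROUTING -p tcp -m socket -j DIVERT
[0:0] -A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
[0:0] -A DIVERT -j MARK --set-xmark 0x1/0xffffffff
[0:0] -A DIVERT -j ACCEPT
COMMIT
"""

RULE = re.compile(r"^\[(\d+):\d+\] -A (\S+) (.+)$")

def parse_rules(dump):
    """Return (chain, packet_count, tokens) for every counted rule line."""
    rules = []
    for line in dump.splitlines():
        m = RULE.match(line.strip())
        if m:
            rules.append((m.group(2), int(m.group(1)), m.group(3).split()))
    return rules

def has(tokens, name, value):
    """True if option `name` is immediately followed by `value`."""
    return any(a == name and b == value for a, b in zip(tokens, tokens[1:]))

def audit(dump, port=3129):
    """List what is missing or idle in the mangle rules for a tproxy port."""
    rules = parse_rules(dump)
    findings = []
    hits = [pk for ch, pk, t in rules if ch == "PREROUTING"
            and has(t, "-j", "TPROXY") and has(t, "--on-port", str(port))]
    if not hits:
        findings.append(f"no TPROXY rule for port {port}")
    elif sum(hits) == 0:
        findings.append(f"TPROXY rule for port {port} matched 0 packets")
    if not any(ch == "PREROUTING" and has(t, "-m", "socket")
               and has(t, "-j", "DIVERT") for ch, _, t in rules):
        findings.append("no '-m socket' rule jumping to DIVERT")
    if not any(ch == "DIVERT" and has(t, "-j", "MARK") for ch, _, t in rules):
        findings.append("DIVERT chain does not set a mark")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a live proxy, pass the text printed by `iptables-save -c -t mangle` (run as root) to `audit` in place of the constructed sample.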