
Re: TPROXY


 



Amos Jeffries-2 wrote
> On 28/05/2013 8:11 p.m., Amm wrote:
>> ________________________________
>>> From: alvarogp <alvarix.gp@>
>>> To: squid-users@
>>> Sent: Tuesday, 28 May 2013 1:28 PM
>>> Subject:  Re: TPROXY
>>>
>>>
>>> alvarogp wrote
>>>> Hello,
>>>>
>>>> I have the next configuration:
>>>> - Ubuntu 12.04 with 2 interfaces eth0 (local) and eth1 (internet access)
>>>> - IPtables 1.4.12
>>>> - Squid 3.3.4 with Tproxy
>>>>    
>>>> With Iptables I have configured the proxy to forward the traffic from the
>>>> local LAN (eth0) to the outside world (eth1). The configuration is:
>>>>
>>>> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
>>>> iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
>>>> iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
>>>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>>>
>>>> To configure and install Tproxy I have followed the tutorial described in
>>>> the wiki:
>>>>
>>>> ./configure --enable-linux-netfilter
>>>>
>>>> net.ipv4.ip_forward = 1
>>>> net.ipv4.conf.default.rp_filter = 0
>>>> net.ipv4.conf.all.rp_filter = 0
>>>> net.ipv4.conf.eth0.rp_filter = 0
>>>>
>>>> iptables -t mangle -N DIVERT
>>>> iptables -t mangle -A DIVERT -j MARK --set-mark 1
>>>> iptables -t mangle -A DIVERT -j ACCEPT
>>>> iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
>>>> iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
>>>>
>>>> For squid.conf, I have maintained the configuration by default, adding to
>>>> it:
>>>>
>>>> http_port 3128
>>>> http_port 3129 tproxy
>>>>
>>>> If Squid is running, the packets from the local LAN are routed correctly
>>>> and the web pages are shown perfectly. The problem I have is that these
>>>> accesses are not reflected in the access.log and cache.log, so could it be
>>>> possible that Squid is not caching any cacheable content?
>> I have had exact same problem when I was trying TPROXY with similar
>> configuration.
>>
>> Squid would route packets but not LOG anything in access log.
>>
>> If I stop squid then clients can't access any website. (This indicates that
>> packets are indeed routing through squid.)
> 
> access.log would indicate that none of them are actually making it to 
> the Squid process.
> 
> Perhaps the Ubuntu kernel version has a bug which makes the packets 
> work when *some* process is listening on the required port, but the 
> packets are not actually getting there.
> 
> Or perhaps TCP packets are sending the HTTP request through Squid and 
> Squid is relaying it but the response is not going back to Squid (directly 
> back to the client). In that event Squid would wait for some time (read/write 
> timeouts are 15 minutes long) before logging the failed HTTP 
> transaction. That could be caused by some bad configuration on a router 
> outside of the Squid machine.
> 
> Amos

Thank you Amos, I will try with another configuration in that case.

Alvaro



--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TPROXY-tp4658393p4660279.html
Sent from the Squid - Users mailing list archive at Nabble.com.
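
An added example, not part of the original thread and not code from the Squid project: a shell lint that checks saved `iptables-save -t mangle`, `squid.conf` and `sysctl` text against the setup quoted above, in particular that the TPROXY `--on-port` has a matching `http_port ... tproxy` line, which is one way intercepted traffic can fail to reach the Squid listener. The function names and the `SAMPLE_*` inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint text dumps against the setup quoted above.
# Function names and the SAMPLE_* inputs are constructed for illustration.
SAMPLE_MANGLE='*mangle
:PREROUTING ACCEPT [0:0]
:DIVERT - [0:0]
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
COMMIT'
SAMPLE_SQUID='http_port 3128
http_port 3129 tproxy'
SAMPLE_SYSCTL='net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0'

# Port that the first TPROXY rule in mangle PREROUTING redirects to.
tproxy_on_port() {
    printf '%s\n' "$1" |
        sed -n 's/^-A PREROUTING .*-j TPROXY .*--on-port \([0-9][0-9]*\).*/\1/p' | head -n 1
}
# Ports of every squid.conf http_port line carrying the tproxy flag.
squid_tproxy_ports() {
    printf '%s\n' "$1" | awk '$1 == "http_port" {
        for (i = 3; i <= NF; i++) if ($i == "tproxy") { n = split($2, a, ":"); print a[n] } }'
}
# Line number of the first rule matching regex $2 in dump $1 (empty if none).
rule_line() { printf '%s\n' "$1" | grep -n -- "$2" | head -n 1 | cut -d: -f1; }

# check_tproxy MANGLE SQUIDCONF SYSCTL: print one line per finding, nothing if consistent.
check_tproxy() {
    port=$(tproxy_on_port "$1")
    [ -n "$port" ] || echo "no TPROXY rule in mangle PREROUTING"
    if [ -n "$port" ] && ! squid_tproxy_ports "$2" | grep -qx "$port"; then
        echo "TPROXY --on-port $port has no matching 'http_port $port tproxy' line"
    fi
    s=$(rule_line "$1" '^-A PREROUTING .*-m socket .*-j DIVERT')
    t=$(rule_line "$1" '^-A PREROUTING .*-j TPROXY')
    if [ -z "$s" ]; then echo "no '-m socket -j DIVERT' rule in PREROUTING"
    elif [ -n "$t" ] && [ "$s" -gt "$t" ]; then echo "DIVERT rule is listed after the TPROXY rule"; fi
    printf '%s\n' "$3" | awk -F' *= *' '
        $1 ~ /\.rp_filter$/ && $2 != 0 { print $1 " is " $2 ", the post sets it to 0" }
        $1 == "net.ipv4.ip_forward" && $2 != 1 { print $1 " is " $2 ", the post sets it to 1" }'
}

check_tproxy "$SAMPLE_MANGLE" "$SAMPLE_SQUID" "$SAMPLE_SYSCTL"
```

On a live host the three arguments would come from `iptables-save -t mangle`, the contents of `squid.conf` and `sysctl -a`; an empty result means the dumps agree with the configuration posted in the thread.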



