hi guys

On 01/28/2014 02:30 PM, Madhav V Diwan wrote:
> Have you made certain that squid in the squid configuration file
> (/etc/squid/squid.conf) is listening on port 80 (the destination port
> in your iptables rules) port 80?

squid is listening on port 18080, where the tproxy rule "redirects" to:

http_port 0.0.0.0:8080
http_port 0.0.0.0:18080 tproxy

just tried to make it listen on port 80 (with no apache running there)
and changing the tproxy rule in order to redirect to port 80.
then it works.
but i need port 80 for apache. also i need to redirect port 443 as well
later, when this works.

> and have you checked tcpwrappers, or selinux?

sure. nothing enabled.
also it works when i remove the tproxy rule and use normal bridge
forwarding and it works also when i use squid directly on port 8080.
so squid config should be ok and uplink, routing, forwarding,
firewalling all should be ok.

seems really that the kernel actually finds the squid socket, assigns
it to the packet, but the listening process does not get it, neither
squid nor tproxy_example tool.

i was thinking maybe glibc is too old, but i guess IP_TRANSPARENT is
only a kernel headers thing and there was no change in glibc for it,
right?

peter

--
:: e n d i a n
:: security with passion

:: peter warasin
:: http://www.endian.com :: peter@xxxxxxxxxx
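
The IP_TRANSPARENT question at the end of the message can be checked on the affected host with a small probe. This is an added example, not code from the thread or from squid; the helper name probe_transparent is hypothetical, and it only exercises socket setup (option accepted, option read back, bind), not delivery of TPROXY-marked packets.

```c
/* Added diagnostic, not code from the thread. */
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* The option number is fixed by the kernel ABI (<linux/in.h>); define it
 * when the installed libc headers predate it. */
#ifndef IP_TRANSPARENT
#define IP_TRANSPARENT 19
#endif

enum { PROBE_OK, PROBE_SOCKET, PROBE_SETSOCKOPT, PROBE_READBACK, PROBE_BIND };

/* Hypothetical helper: returns the first step that failed and stores
 * that step's errno in *err (0 on success). */
int probe_transparent(unsigned short port, int *err)
{
    int one = 1, val = 0, rc = PROBE_OK;
    socklen_t len = sizeof(val);
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    *err = 0;
    if (fd < 0) { *err = errno; return PROBE_SOCKET; }
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);

    /* EPERM: process lacks the privilege; ENOPROTOOPT: kernel rejects it. */
    if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0)
        rc = PROBE_SETSOCKOPT;
    else if (getsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &val, &len) < 0 || !val)
        rc = PROBE_READBACK;
    else if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0)
        rc = PROBE_BIND;   /* e.g. EADDRINUSE while squid holds the port */
    if (rc != PROBE_OK) *err = errno;
    close(fd);
    return rc;
}

int main(void)
{
    int err, rc = probe_transparent(18080, &err); /* tproxy port from the mail */
    printf("step=%d errno=%d (%s)\n", rc, err, rc ? strerror(err) : "ok");
    return rc;
}
```

Run it as root with squid stopped so the bind step is meaningful; a failure at the setsockopt step points at privileges or kernel support rather than at glibc.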