Re: Transparent proxy (Tproxy4)


Hey Eliezer,

Thanks for the pointer...

SELinux is disabled. No problem on this side.

Cisco sees it:

cata6#sh ip wccp web-cache view
    WCCP Routers Informed of:
    192.168.201.165

    WCCP Cache Engines Visible:
    194.214.158.207
    194.214.158.189              <-----------

    WCCP Cache Engines NOT Visible:
    -none-

My doubt, at this moment, is about the GRE interface. You explicitly defined it and created a tunnel for it:

   iptunnel add wccp0 mode gre remote $CISCOIPID local $LOCALIP dev eth1
   ifconfig wccp0 127.0.1.1/32 up

Is this necessary? This doesn't appear in the doc by Amos Jeffries.

Regards

On 02/19/2014 03:47 PM, Eliezer Croitoru wrote:
Hey,

I did not read the whole setup, so sorry, but I have written this article in the past:
http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2
which is very likely to help you understand.
First disable SELinux, then make sure with tcpdump at what level the issue is.

Hope it Helps,
Eliezer

On 02/19/2014 02:31 PM, Jose-Marcio Martins wrote:

Hello,

I've configured a transparent proxy as TProxy4
(http://wiki.squid-cache.org/Features/Tproxy4).

But I don't see anything in squid access log.

* OS = Linux Fedora 20.

* Cache log says at start-up :

....
2014/02/19 12:23:53 kid1| Accepting WCCPv2 messages on port 2048, FD 11.
2014/02/19 12:23:53 kid1| Initialising all WCCPv2 lists
2014/02/19 12:23:53 kid1| HTCP Disabled.
2014/02/19 12:23:53 kid1| Squid plugin modules loaded: 0
2014/02/19 12:23:53 kid1| Adaptation support is off.
2014/02/19 12:23:53 kid1| Accepting HTTP Socket connections at local=0.0.0.0:8080 remote=[::] FD 12 flags=9
2014/02/19 12:23:53 kid1| Accepting HTTP Socket connections at local=0.0.0.0:3128 remote=[::] FD 13 flags=9
2014/02/19 12:23:53 kid1| Accepting TPROXY spoofing HTTP Socket connections at local=0.0.0.0:3129 remote=[::] FD 14 flags=25
...

********************************

* The router is connected to the wccp port :

udp        0      0 194.214.158.189:2048    194.214.158.165:2048    ESTABLISHED

********************************

* iptables seems OK

# iptables -t mangle -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N DIVERT
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
#

********************************
* kernel routing seems OK :

# ip -s -f inet rule
0:    from all lookup local
32764:    from all fwmark 0x1 lookup 100
32765:    from all fwmark 0x1 lookup 100
32766:    from all lookup main
32767:    from all lookup default

# ip -s -f inet route
default via 194.214.158.165 dev eth0
169.254.0.0/16 dev eth0  scope link  metric 1002
194.214.158.0/24 dev eth0  proto kernel  scope link  src 194.214.158.189
#

********************************
* squid.conf :

wccp2_router                    194.214.158.165
wccp2_forwarding_method          gre
wccp2_return_method              gre
wccp2_assignment_method          hash
wccp2_service standard           0

   I shall change wccp2_service to dynamic after, but for start-up, it
   should work, I guess.

********************************
* On the router (switch/router) we have this :

ip wccp web-cache redirect-list 120

interface Vlan16
  description Vlan Users
  ip address a.b.c.d v.w.x.y
  no ip redirects
  ip wccp web-cache redirect in


access-list 120 remark le proxy SQUID bypasse la redirection
access-list 120 deny   ip host 194.214.158.207 any
access-list 120 permit tcp 192.168.16.0 0.0.0.255 any eq www
access-list 120 deny   ip any any

*********************************



What more shall I look at? Is there something wrong? Any hint?

Thanks for your help.




--

 Sent from my typewriter.
 ---------------------------------------------------------------
  Spam : Classement statistique de messages électroniques -
         Une approche pragmatique
  At Amazon.fr: http://amzn.to/LEscRu or http://bit.ly/SpamJM
 ---------------------------------------------------------------
 Jose Marcio MARTINS DA CRUZ            http://www.j-chkmail.org
 Ecole des Mines de Paris                   http://bit.ly/SpamJM
 60, bd Saint Michel                      75272 - PARIS CEDEX 06
 mailto:Jose-Marcio.Martins@xxxxxxxxxxxxxxxxxx
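
Added example, not part of the original thread and not code from the Squid project: a small Python check that the packet marks set in the mangle table shown above are matched by an `ip rule` fwmark entry, and which routing table each one selects. The sample input is constructed from the command output in the post; the function names are hypothetical, and the check assumes packets arrive with no earlier mark set.

```python
import re

# Constructed sample input: command output copied from the post above.
MANGLE_RULES = """\
-N DIVERT
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
"""
IP_RULES = """\
0:    from all lookup local
32764:    from all fwmark 0x1 lookup 100
32765:    from all fwmark 0x1 lookup 100
32766:    from all lookup main
32767:    from all lookup default
"""

def parse_mark(text):
    """Split 'value/mask' (mask optional) into two integers."""
    value, _, mask = text.partition("/")
    return int(value, 16), int(mask, 16) if mask else 0xFFFFFFFF

def packet_marks(mangle_rules):
    """Marks set by the TPROXY target and by the DIVERT chain's MARK target.
    Assumption: the packet carries mark 0 beforehand, so the result is the value."""
    marks = {}
    for line in mangle_rules.splitlines():
        m = re.search(r"-j TPROXY .*--tproxy-mark (\S+)", line)
        if m:
            marks["TPROXY"] = parse_mark(m.group(1))[0]
        m = re.search(r"-A DIVERT -j MARK --set-xmark (\S+)", line)
        if m:
            marks["DIVERT"] = parse_mark(m.group(1))[0]
    return marks

def fwmark_tables(ip_rules):
    """(value, mask, table) for every 'fwmark' policy routing rule."""
    found = re.findall(r"fwmark (\S+) lookup (\S+)", ip_rules)
    return [(*parse_mark(mark), table) for mark, table in found]

def check(mangle_rules, ip_rules):
    """Map each marking rule to the routing tables its packets would use."""
    rules = fwmark_tables(ip_rules)
    return {name: sorted({t for v, k, t in rules if mark & k == v})
            for name, mark in packet_marks(mangle_rules).items()}

if __name__ == "__main__":
    for name, tables in check(MANGLE_RULES, IP_RULES).items():
        print(name, "->", tables or "NO MATCHING ip rule")
```

An empty list for either entry means marked packets fall through to the main table. The post lists only the main table; `ip route show table 100` shows what the matched table contains.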



