I am building a simple Linux firewall router with an eth1 LAN port and an eth0 WAN port. I have squid3 running on it, which I built with netfilter enabled. The Linux version running on the firewall is Debian wheezy, which has iptables with TPROXY and socket support.
By setting up iptables to send traffic to squid3 using the original nat PREROUTING REDIRECT method, everything works fine, but I can't get the TPROXY method to work. I followed all the steps outlined in http://wiki.squid-cache.org/Features/Tproxy4 but no traffic gets to squid3. In fact, all HTTP traffic goes into some hole as soon as I issue the following two routing commands:
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
Without these two commands the HTTP traffic goes through but never gets routed to squid3.
I think the "ip route" command is the culprit but I don't know why or how to change it?
Any suggestions or help would be much appreciated.
Thanks,
carvaka
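
Added example (not part of the original post, and not code from the Squid project): a shell function that checks saved output of "ip rule show", "ip route show table 100" and "iptables-save -t mangle" for the pieces TPROXY interception depends on, including that the mark set by the TPROXY rule is the one the fwmark rule matches. The function name tproxy_check, the sample captures and port 3129 are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline check of captured TPROXY policy-routing state.
# tproxy_check is a hypothetical helper; its arguments are the saved text of
#   $1  ip rule show
#   $2  ip route show table 100
#   $3  iptables-save -t mangle
# It prints one line per missing piece, or "ok" when all are present.
tproxy_check() {
    rules=$1 routes=$2 mangle=$3 problems=""
    add() { problems="${problems}$1
"; }
    # Marked packets must be looked up in table 100.
    printf '%s\n' "$rules" | grep -Eq 'fwmark 0x1(/0x1)? lookup 100$' ||
        add "no 'fwmark 1 lookup 100' rule"
    # Table 100 must deliver every destination locally via lo.
    printf '%s\n' "$routes" | grep -Eq '^local (default|0\.0\.0\.0/0) dev lo' ||
        add "table 100 has no local default route on lo"
    # The TPROXY target must set the same mark the ip rule matches on.
    printf '%s\n' "$mangle" | grep -e '-j TPROXY' | grep -q -e '--tproxy-mark 0x1/0x1' ||
        add "no TPROXY rule setting mark 0x1/0x1"
    # Packets of already-intercepted connections are matched with -m socket.
    printf '%s\n' "$mangle" | grep -q -e '-m socket' ||
        add "no '-m socket' rule in the mangle table"
    if [ -n "$problems" ]; then printf '%s' "$problems"; else echo ok; fi
}

# Constructed sample captures (not taken from the original post).
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main'
SAMPLE_ROUTES='local default dev lo scope host'
SAMPLE_MANGLE='*mangle
:PREROUTING ACCEPT [0:0]
:DIVERT - [0:0]
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
COMMIT'

tproxy_check "$SAMPLE_RULES" "$SAMPLE_ROUTES" "$SAMPLE_MANGLE"
```

On a live router the three arguments would be the output of the commands named in the header comment, captured as root.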