On 27/02/2015 12:41 p.m., Carvaka Guru wrote:
> I am building a simple Linux firewall router with eth1 LAN port and eth0
> WAN port. I have squid3 running on it that I have built with netfilter
> enabled. The Linux version running on the firewall is Debian wheezy which
> has iptables with TPROXY and socket support.
>
> By setting up the iptables to send traffic to squid3 using the original nat
> prerouting REDIRECT method everything works fine but I can't get the TPROXY
> method to work. I followed all the steps outlined in
> http://wiki.squid-cache.org/Features/Tproxy4

Uhm... no. You ran a *completely* different command line.

> but no traffic gets to squid3.
> In fact all HTTP traffic goes into some hole as soon as I issue the
> following two routing commands -
>
> ip rule add fwmark 1 lookup 100
> ip route add local 0.0.0.0/0 dev lo table 100
>
> Without these two commands the HTTP traffic goes through but never gets
> routed to squid3.
>
> I think the "ip route" command is the culprit but I don't know why or how
> to change it?

That is explained in the "/!\" notes directly following the example
configuration you "followed". It even has a whole section "Some routing
problems to be aware of" just to repeat the message about this problem
and what to do about it.

<http://wiki.squid-cache.org/Features/Tproxy4#Routing_configuration>

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users