Hi,

I am trying to set up a transparent proxy with Squid 3.5.12 on Ubuntu Server 16.04.1, but I cannot get it working. When a client tries to connect to the web, the connection always times out. Hopefully, someone has an idea what's going on.

uname -r:
4.4.0-45-generic

sysctl:
net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0

squid.conf:
# ACCESS CONTROLS
# -----------------------------------------------------------------------------
acl localnet src 139.2.0.0/16
acl localnet src 193.96.112.0/21
acl localnet src 192.109.216.0/24
acl localnet src 100.1.4.0/22
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl to_localnet dst 139.2.0.0/16
acl to_localnet dst 193.96.112.0/21
acl to_localnet dst 192.109.216.0/24
acl to_localnet dst 100.1.4.0/22
acl to_localnet dst 10.0.0.0/8
acl to_localnet dst 172.16.0.0/12
acl to_localnet dst 192.168.0.0/16
http_access allow manager localhost
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access allow to_localnet
http_access deny all

# NETWORK OPTIONS
# -----------------------------------------------------------------------------
http_port 10.30.200.99:3128
http_port 10.30.216.254:3128
http_port 10.30.216.254:3129 tproxy

# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------------------------------
cache_peer proxy.mycompany.com parent 8080 0 no-query no-digest default
cache_peer roxy.mycompany.com parent 8080 0 no-query no-digest

# MEMORY CACHE OPTIONS
# -----------------------------------------------------------------------------
maximum_object_size_in_memory 8 MB
memory_replacement_policy heap LFUDA
cache_mem 256 MB

# DISK CACHE OPTIONS
# -----------------------------------------------------------------------------
maximum_object_size 10 GB
cache_replacement_policy heap GDSF
cache_dir ufs /var/cache/squid 88894 16 256 max-size=10737418240

# LOGFILE OPTIONS
# -----------------------------------------------------------------------------
access_log daemon:/var/log/squid/access.log squid
cache_store_log daemon:/var/log/squid/store.log

# OPTIONS FOR TROUBLESHOOTING
# -----------------------------------------------------------------------------
cache_log /var/log/squid/cache.log
coredump_dir /var/log/squid

# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
cache allow all

# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
visible_hostname my-proxy.mycompany.com

# ICP OPTIONS
# -----------------------------------------------------------------------------
icp_port 0

# OPTIONS INFLUENCING REQUEST FORWARDING
# -----------------------------------------------------------------------------
always_direct allow to_localnet
always_direct allow to_localhost
never_direct allow all

# DNS OPTIONS
# -----------------------------------------------------------------------------
dns_nameservers 192.168.0.1
dns_nameservers 192.168.0.2

# MISCELLANEOUS
# -----------------------------------------------------------------------------
memory_pools off

iptables-rules:
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 0x1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129 --on-ip 10.30.216.254

I can see that packets are traversing the chain DIVERT and TPROXY (packet counter):

Chain DIVERT (1 references)
 pkts bytes target  prot opt in  out  source     destination
1134K  416M MARK    all  --  *   *    0.0.0.0/0  0.0.0.0/0    MARK set 0x1
1134K  416M ACCEPT  all  --  *   *    0.0.0.0/0  0.0.0.0/0

Chain PREROUTING (policy ACCEPT 2380 packets, 261K bytes)
 pkts bytes target                       prot opt in  out  source     destination
1253K  455M neutron-openvswi-PREROUTING  all  --  *   *    0.0.0.0/0  0.0.0.0/0
1134K  416M DIVERT                       tcp  --  *   *    0.0.0.0/0  0.0.0.0/0    socket
 2125  119K LOG                          tcp  --  *   *    0.0.0.0/0  0.0.0.0/0    tcp dpt:80 LOG flags 0 level 4 prefix "TPROXY : "
   63  3780 TPROXY                       tcp  --  *   *    0.0.0.0/0  0.0.0.0/0    tcp dpt:80 TPROXY redirect 10.30.216.254:3129 mark 0x1/0x1

The client request is present in my syslog:

Oct 26 08:38:49 os-controller01 kernel: [ 4590.987956] TPROXY : IN=eth2 OUT= MAC=00:50:56:8d:2f:d4:02:05:69:02:be:68:08:00 SRC=10.30.216.132 DST=74.125.24.94 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=21615 DF PROTO=TCP SPT=47706 DPT=80 WINDOW=27200 RES=0x00 SYN URGP=0

There is nothing in the Squid logs. I have no idea. Does anyone have any hints about what is wrong with my setup?

Regards,
Jens