On 30/06/2021 15:25, Antony Stone wrote:
> On Wednesday 30 June 2021 at 14:16:09, Ben Goz wrote:
>> I'm trying to configure squid as a transparent proxy using TPROXY.
>> The machine I'm using has 2 NICs, one for input and the other one for
>> output traffic.
>> The TPROXY iptables rules are configured on the input NIC.
> 1. Which version of Squid are you using?
# ./squid -v
Squid Cache: Version 4.15
Service Name: squid
This binary uses OpenSSL 1.1.1f 31 Mar 2020. For legal restrictions on
distribution see https://www.openssl.org/source/license.html
configure options: '--with-openssl' '--enable-ssl-crtd' '--enable-ecap'
'--enable-linux-netfilter' --enable-ltdl-convenience
> 2. Please show us the TPROXY rules you have.
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -i bond0.213 -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 15644
iptables -t mangle -A PREROUTING -i bond0.213 -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 15645
including:
ip rule add fwmark 1 lookup 100
ip -f inet route add local default dev lo table 100
> 3. Please show us the relevant lines for intercept proxying from your
> squid.conf
http_port 15644 tproxy
https_port 15645 ssl-bump tproxy generate-host-certificates=on options=ALL dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/ssl_cert/myCA.pem dhparams=/usr/local/squid/etc/dhparam.pem
always_direct allow all
> Regards,
> Antony.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
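An added consistency check for the setup posted in this thread (example code written for this page; it is not from the posts and not part of Squid). It parses the iptables mangle rules, the ip rule / ip route lines and the squid.conf port directives in the command form shown above, and reports where they disagree: a --on-port with no tproxy-flagged http_port/https_port behind it, a --tproxy-mark or MARK value that no ip rule routes, a routing table without the local default dev lo route, and a missing or mis-ordered -m socket rule. The embedded input is the thread's own rule set; the mark, policy-route and socket-match semantics are those of Squid's TPROXY feature documentation and the netfilter socket match, and the wording of the findings is mine.

```python
"""Cross-check a Squid TPROXY setup: iptables mangle rules, the fwmark policy
route and squid.conf *_port lines must agree. Added example for this thread, not
from the posts or from Squid; the input is the thread's own rules in command form."""
import re
import shlex

# Constructed input: the rules posted in the thread, mail wrapping undone.
IPTABLES_RULES = [
    "iptables -t mangle -N DIVERT",
    "iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT",
    "iptables -t mangle -A DIVERT -j MARK --set-mark 1",
    "iptables -t mangle -A DIVERT -j ACCEPT",
    "iptables -t mangle -A PREROUTING -i bond0.213 -p tcp --dport 80 "
    "-j TPROXY --tproxy-mark 0x1/0x1 --on-port 15644",
    "iptables -t mangle -A PREROUTING -i bond0.213 -p tcp --dport 443 "
    "-j TPROXY --tproxy-mark 0x1/0x1 --on-port 15645",
]
IP_RULES = ["ip rule add fwmark 1 lookup 100"]
IP_ROUTES = ["ip -f inet route add local default dev lo table 100"]
SQUID_CONF = """\
http_port 15644 tproxy
https_port 15645 ssl-bump tproxy generate-host-certificates=on options=ALL dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/ssl_cert/myCA.pem dhparams=/usr/local/squid/etc/dhparam.pem
"""

def _opt(argv, name):
    """Value following option `name` in an argv list, or None."""
    return next((argv[i + 1] for i, t in enumerate(argv[:-1]) if t == name), None)

def parse_mark(text):
    """'0x1/0x1' or '1' -> (value, mask); no mask means all 32 bits."""
    value, _, mask = text.partition("/")
    return int(value, 0), (int(mask, 0) if mask else 0xFFFFFFFF)

def parse_iptables(lines):
    """TPROXY rules, MARK targets and PREROUTING rule order from mangle commands."""
    out, pos = {"tproxy": [], "marks": [], "socket_pos": None, "tproxy_pos": None}, 0
    for line in lines:
        argv = shlex.split(line)
        chain, target = _opt(argv, "-A"), _opt(argv, "-j")
        if _opt(argv, "-t") != "mangle" or chain is None:
            continue  # '-N DIVERT' and commands for other tables are not rules
        if chain == "PREROUTING":
            pos += 1
            if _opt(argv, "-m") == "socket" and out["socket_pos"] is None:
                out["socket_pos"] = pos
            if target == "TPROXY":
                out["tproxy_pos"] = out["tproxy_pos"] or pos
                out["tproxy"].append({"dport": int(_opt(argv, "--dport")),
                                      "on_port": int(_opt(argv, "--on-port")),
                                      "mark": parse_mark(_opt(argv, "--tproxy-mark"))})
        if target == "MARK":
            out["marks"].append(parse_mark(_opt(argv, "--set-mark")))
    return out

def parse_ip_rules(lines):
    """'ip rule add fwmark 1 lookup 100' -> [((value, mask), table)]."""
    hits = (re.search(r"fwmark\s+(\S+)\s+(?:lookup|table)\s+(\S+)", ln) for ln in lines)
    return [(parse_mark(m.group(1)), m.group(2)) for m in hits if m]

def parse_local_route_tables(lines):
    """Tables that hold the 'local default dev lo' route delivering marked packets."""
    hits = (re.search(r"\blocal\s+default\s+dev\s+lo\b.*\btable\s+(\S+)", ln) for ln in lines)
    return {m.group(1) for m in hits if m}

def parse_squid_ports(conf):
    """{port: set(flags)} for every http_port / https_port directive."""
    ports = {}
    for tok in (line.split() for line in conf.splitlines()):
        if len(tok) >= 2 and tok[0] in ("http_port", "https_port"):
            ports[int(tok[1].rsplit(":", 1)[-1])] = set(tok[2:])  # accepts addr:port
    return ports

def check_tproxy_setup(iptables_lines, ip_rule_lines, ip_route_lines, squid_conf):
    """Return findings as strings (de-duplicated); an empty list means the pieces agree."""
    findings, ipt, ports = [], parse_iptables(iptables_lines), parse_squid_ports(squid_conf)
    ip_rules, local = parse_ip_rules(ip_rule_lines), parse_local_route_tables(ip_route_lines)

    def tables_for(value, mask):
        # a packet marked (value & mask) matches 'fwmark rv/rm' when mark & rm == rv & rm
        return [t for (rv, rm), t in ip_rules if (value & mask) & rm == rv & rm]
    for r in ipt["tproxy"]:
        flags = ports.get(r["on_port"])
        if flags is None:
            findings.append(f"--on-port {r['on_port']} (dport {r['dport']}) has no *_port line in squid.conf")
        elif "tproxy" not in flags:
            findings.append(f"squid.conf port {r['on_port']} is missing the tproxy flag")
        tables = tables_for(*r["mark"])
        if not tables:
            findings.append(f"no ip rule selects a table for --tproxy-mark {r['mark'][0]:#x}")
        findings += [f"table {t} lacks 'local default dev lo'" for t in tables if t not in local]
    for value, mask in ipt["marks"]:
        if not tables_for(value, mask):
            findings.append(f"MARK --set-mark {value:#x} is not selected by any ip rule")
    if ipt["socket_pos"] is None:
        findings.append("no '-m socket' rule in PREROUTING: replies to Squid's transparent sockets are not routed locally")
    elif ipt["tproxy_pos"] and ipt["socket_pos"] > ipt["tproxy_pos"]:
        findings.append("the '-m socket' DIVERT rule must precede the TPROXY rules")
    return list(dict.fromkeys(findings))
```

Feed it the command lines as you typed them (or as your firewall script issues them); iptables-save output does not carry -t per rule and would need its table header handled first. The -m socket rule matters for the return path: Squid's upstream connection is opened with the client's address, so the origin server's reply arrives addressed to the client and is only delivered to Squid because that rule marks it for the local route in table 100.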