[tproxy] tproxy in Ubuntu

Tristram Cheer tproxy at tristramcheer.com
Wed Mar 10 08:16:24 CET 2010


Thanks to Michael for this help,

I've got a working install of Slackware 13 going and have squid running when
I set it manually but TPROXY still results in a hanging connection. This is
a bridged setup and I've done the ebtables rules but it doesn't seem to be
doing the trick.

Is there anyone here who has a working bridged setup?

Regards

Tristram

On 8 March 2010 17:02, Michael 'Moose' Dinn <michael.dinn at airfire.ca> wrote:

>
>
> We're doing it in router mode, and it's pretty darn easy.
>
> > Were you doing it in a bridge or in router "mode" and did you follow any
> > guides/outlines of what to do?
>
> get squid running non-transparently first so you can configure a browser to
> point at it. that means all your ACLs are correct.
>
> add to squid.conf:
>
> http_port 3129 tproxy
>
>
> and restart squid
>
>
> then, after you get the latest iptables, run:
>
>
> /sbin/ip rule add fwmark 1 lookup 100
> /sbin/ip route add local 0.0.0.0/0 dev lo table 100
>
> /usr/sbin/iptables -F -t mangle
> /usr/sbin/iptables -t mangle -N MDIVERT
> /usr/sbin/iptables -t mangle -A MDIVERT -j MARK --set-mark 1
> /usr/sbin/iptables -t mangle -A MDIVERT -j ACCEPT
>
> #Use DIVERT to prevent existing connections going through TPROXY twice:
> /usr/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j MDIVERT
>
> /usr/sbin/iptables -t mangle -A PREROUTING -p tcp -s SOURCE.IP.RANGE.TO/PROXY --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
>
>
> replace the "source.ip.range.to/proxy" with whatever your proxy-able address
> space is and you're good to go.
>
> enjoy!
>
>
>
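Added example (not part of the original thread or of either poster's setup): a consistency check over the four pieces the quoted procedure configures, namely the squid tproxy port, the TPROXY rule's port and mark, the fwmark policy rule, and the local route in that table. The function name `check_tproxy` is hypothetical, the sample captures are constructed, and 192.0.2.0/24 is a placeholder source range; it covers only the routed-mode pieces quoted above, not the ebtables side of a bridge.

```shell
# Constructed sample captures that mirror the quoted commands.
# 192.0.2.0/24 is a placeholder for the proxied source range.
SAMPLE_SQUID='http_port 3128
http_port 3129 tproxy'
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main'
SAMPLE_ROUTES='local default dev lo scope host'
SAMPLE_MANGLE='*mangle
:PREROUTING ACCEPT [0:0]
:MDIVERT - [0:0]
-A PREROUTING -p tcp -m socket -j MDIVERT
-A PREROUTING -s 192.0.2.0/24 -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A MDIVERT -j MARK --set-xmark 0x1/0xffffffff
-A MDIVERT -j ACCEPT
COMMIT'

# check_tproxy SQUID_CONF IP_RULES TABLE_ROUTES MANGLE_SAVE  (hypothetical helper)
# Prints each inconsistency and returns how many were found (0 = consistent).
check_tproxy() {
    squid=$1 rules=$2 routes=$3 mangle=$4 bad=0
    # Port squid listens on in tproxy mode ("3129" or "addr:3129").
    port=$(printf '%s\n' "$squid" |
        awk '$1 == "http_port" && / tproxy/ { n = split($2, a, ":"); print a[n]; exit }')
    # First TPROXY rule and first "-m socket" divert rule, with line numbers.
    tline=$(printf '%s\n' "$mangle" | grep -n -- '^-A PREROUTING .*-j TPROXY' | head -n 1)
    sline=$(printf '%s\n' "$mangle" | grep -n -- '^-A PREROUTING .*-m socket' | head -n 1)
    [ -n "$port" ] || { echo "squid.conf: no 'http_port ... tproxy' line"; bad=$((bad + 1)); }
    [ -n "$tline" ] || { echo "mangle: no TPROXY rule in PREROUTING"; return $((bad + 1)); }
    onport=$(printf '%s\n' "$tline" | sed -n 's/.*--on-port \([0-9]*\).*/\1/p')
    mark=$(printf '%s\n' "$tline" | sed -n 's/.*--tproxy-mark \([0-9a-fx]*\).*/\1/p')
    [ "$onport" = "$port" ] ||
        { echo "TPROXY --on-port $onport, squid tproxy port ${port:-none}"; bad=$((bad + 1)); }
    # Established flows must hit the socket match before the TPROXY rule.
    if [ -z "$sline" ] || [ "${sline%%:*}" -gt "${tline%%:*}" ]; then
        echo "mangle: no '-m socket' rule ahead of the TPROXY rule"; bad=$((bad + 1))
    fi
    # The mark set by TPROXY must select a routing table via "ip rule".
    table=$(printf '%s\n' "$rules" |
        sed -n 's/.*fwmark \([0-9a-fx]*\).* lookup \([^ ]*\).*/\1 \2/p' |
        while read -r m t; do [ "$(($m))" -eq "$((${mark:-0}))" ] && echo "$t"; done | head -n 1)
    [ -n "$table" ] || { echo "ip rule: no fwmark rule for mark ${mark:-0}"; bad=$((bad + 1)); }
    # That table must deliver the marked packets locally.
    printf '%s\n' "$routes" | grep -Eq '^local (default|0\.0\.0\.0/0) dev lo' ||
        { echo "table ${table:-?}: no 'local 0.0.0.0/0 dev lo' route"; bad=$((bad + 1)); }
    return "$bad"
}
check_tproxy "$SAMPLE_SQUID" "$SAMPLE_RULES" "$SAMPLE_ROUTES" "$SAMPLE_MANGLE" && echo "sample captures are consistent"
```

On a live box the four arguments would be the contents of squid.conf and the output of `ip rule`, `ip route show table 100` and `iptables-save -t mangle`.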