<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<STYLE type=text/css>DIV {
        MARGIN: 0px
}
</STYLE>
<META content="MSHTML 6.00.6000.16640" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=311363515-11062008><FONT face=Arial
color=#0000ff size=2>I am using CentOS 5.1 and Tproxy 4, with squid. I should
say am using it, but working on using it. I am having weird problems with
IPTables as well.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=311363515-11062008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=311363515-11062008><FONT face=Arial
color=#0000ff size=2>Nick</FONT></SPAN></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> tproxy-bounces@lists.balabit.hu
[mailto:tproxy-bounces@lists.balabit.hu] <B>On Behalf Of </B>Mike
Adkins<BR><B>Sent:</B> Wednesday, June 11, 2008 10:28 AM<BR><B>To:</B>
tproxy@lists.balabit.hu<BR><B>Subject:</B> [tproxy] CentOS 5.1 and
Tproxy4<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: courier,monaco,monospace,sans-serif">Hello
everyone.<BR><BR>Setup:<BR>CentOS 5.1<BR>Kernel: Linux centos5.a3rocks.com
2.6.25.5 #1 SMP Sun Jun 8 11:15:19 EDT 2008 i686 athlon i386 GNU/Linux<BR>
<DIV>tproxy patch:
tproxy-kernel-2.6.25-20080519-165031-1211208631.tar.bz2<BR>iptables:
1.4<BR>iptables patch:
tproxy-iptables-1.4.0-20080521-113954-1211362794.patch<BR><BR>I think everything
went well on the patching of the kernel and patching of iptables. So here
is where I am. I am using the latest version of haproxy, which should
work.<BR><BR>I think the issue that I am having is due to the iptables. I
don't think iptables is letting haproxy connect to the secondary host
server. So haproxy is listening on port 50080, which is where I have
tproxy sitting. Please take a look at my iptables entry and tell me if I
am missing anything. I can see that my connection hits the proxy server,
but it does not relay to the secondary host.<BR><BR>Here is my iptables:<BR>echo
1 > /proc/sys/net/ipv4/ip_forward<BR>/usr/local/sbin/iptables -t mangle -A
PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port
50080<BR>ip rule add fwmark 1 lookup 100<BR>ip route add local 0.0.0.0/0 dev lo
table 100<BR>/usr/local/sbin/iptables -t mangle -N
DIVERT<BR>/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j
DIVERT<BR>/usr/local/sbin/iptables -t mangle -A DIVERT -j MARK --set-mark
1<BR>/usr/local/sbin/iptables -t mangle -A DIVERT -j ACCEPT<BR><BR>The ip for
the proxy, where tproxy is sitting is 192.168.0.4 and the host server (running
IIS) is 192.1680.06.<BR><BR>I would like to use squid, but I am not familiar
with it, like I am with haproxy.<BR><BR>Any info would be appreciated. I
am stuck now.<BR><BR>Thanks.<BR>Mike<BR><BR></DIV><BR><BR><BR>
<DIV><BR></DIV></DIV><BR></BODY></HTML>