<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
People,<br>
<br>
Using a tip from Pablo, it worked in the layout below. I will try it
for real tomorrow. Hope it works!<br>
<br>
Nataniel Klug wrote:
<blockquote cite="mid:485BE704.5040509@cnett.com.br" type="cite">
People,<br>
<br>
After a long time waiting to implement this solution I came here to
ask how I can configure the redirection from iptables to squid. My
squid.conf has this line:<br>
<br>
<i>http_port 3128 tproxy</i><br>
<br>
It starts ok. For a test I have made this "transparent" and made a
rule on iptables (iptables -t nat -A PREROUTING -s .... -p tcp -m tcp
--dport 80 -j REDIRECT --to-ports 3128) and it works fine. It is really
getting stuff and putting it into the cache (TCP_HIT). So, my network layout
(for testing purposes only) is:<br>
<br>
<i>[ internet ] --- [ router ] --- [ cache ] --- [ me ]<br>
<br>
"me" network: 10.0.0.0/24 (me = .2 and cache = .1)<br>
"cache" network: 192.168.1.0/24 (cache = .9 and router = .1)</i><br>
<br>
This is a fine layout to work as a transparent proxy (using
transparent). My router makes a route to 10.0.0.0/24 through cache, like:<br>
<br>
<i>route add -net 10.0.0.0/24 gw 192.168.1.9</i><br>
<br>
And in this router I am masquerading this network.<br>
<br>
I don't know if in this layout I can make this work, so I have made
this script (based on README from tproxy):<br>
<hr size="2" width="100%"><i>#!/bin/bash<br>
<br>
IP="/sbin/ip"<br>
IPT="/sbin/iptables"<br>
<br>
PROXY_PT="3128"<br>
PROXY_MK="1"<br>
<br>
#----<br>
# Creating the redirection rules for packets<br>
# marked by iptables<br>
#----<br>
$IP rule add fwmark $PROXY_MK lookup 100<br>
$IP route add local 0.0.0.0/0 dev lo table 100<br>
<br>
#----<br>
# Creating the iptables rules<br>
#----<br>
$IPT -t mangle -F<br>
$IPT -t mangle -N DIVERT<br>
$IPT -t mangle -A PREROUTING -p tcp -m socket -j DIVERT<br>
$IPT -t mangle -A DIVERT -j MARK --set-mark 1<br>
$IPT -t mangle -A DIVERT -j ACCEPT<br>
<br>
#----<br>
# Mark the packets destined for the cache<br>
#----<br>
$IPT -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark
0x1/0x1 --on-port $PROXY_PT</i><br>
<hr size="2" width="100%"> This script is running as the box
boots.
When I start the cache it works fine but when I try to open a website
squid access.log shows this:<br>
<hr size="2" width="100%"><i>1213980761.622 0 10.0.0.2 NONE/400
1497 GET /mrtg/trafego.php - NONE/- text/html<br>
1213980783.535 0 10.0.0.2 NONE/400 1465 GET / - NONE/- text/html<br>
1213980783.654 0 10.0.0.2 NONE/400 1487 GET /favicon.ico - NONE/-
text/html<br>
1213980794.052 0 10.0.0.2 NONE/400 1465 GET / - NONE/- text/html<br>
1213980794.661 0 10.0.0.2 NONE/400 1465 GET / - NONE/- text/html<br>
1213980795.181 0 10.0.0.2 NONE/400 1465 GET / - NONE/- text/html<br>
1213980906.136 0 10.0.0.2 NONE/400 1465 GET / - NONE/- text/html</i><br>
<hr size="2" width="100%"> And my browser shows that the URL
could not be recovered and that the URL is invalid.<br>
<br>
What can I do to solve this problem?<br>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Regards,
NATANIEL KLUG
<a class="moz-txt-link-abbreviated" href="mailto:nata@cnett.com.br">nata@cnett.com.br</a>
READ NATA'S DAY-TO-DAY
<a class="moz-txt-link-freetext" href="http://nataklug.blogspot.com/">http://nataklug.blogspot.com/</a>
Cyber Nett - Broadband Internet
<a class="moz-txt-link-abbreviated" href="http://www.cnett.com.br">www.cnett.com.br</a>
(42) 3635-2957
Rua Diogo Pinto, 1046, Centro
Laranjeiras do Sul - PR
Brasil - 85301-290
"... the wise, too, have a tangible heart and can, at times, use science as a means of showing sentimental impressions to which many do not judge them susceptible."
Visconde de Taunay</pre>
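The access.log lines quoted in the message share one signature: status 400 with a URL field that is only a path, which matches the invalid-URL error the post reports. The script below is an added example, not part of the original post or of the tproxy or Squid projects; it counts such entries per client, assuming Squid's native access.log field order as shown in the post. The function names and the last three sample log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes Squid's native access.log
# layout as in the post: time elapsed client code/status bytes method URL ...

# Print "client count" for entries answered with 400 whose URL is a bare path.
bare_path_400s() {
    awk '
        NF >= 7 {
            n = split($4, res, "/")      # NONE/400 -> res[1]="NONE", res[2]="400"
            if (n == 2 && res[2] == "400" && substr($7, 1, 1) == "/")
                hits[$3]++
        }
        END { for (c in hits) print c, hits[c] }
    ' "$1" | sort
}

# Print the total number of such entries (0 when there are none).
total_bare_path_400s() {
    bare_path_400s "$1" | awk '{ s += $2 } END { print s + 0 }'
}

# Return 1 and list the affected clients if any such entry exists, else return 0.
check_interception_log() {
    total=$(total_bare_path_400s "$1")
    if [ "$total" -gt 0 ]; then
        echo "FAIL: $total request(s) rejected with 400 and a path-only URL"
        bare_path_400s "$1"
        return 1
    fi
    echo "OK: no path-only 400 entries"
}

# Sample log: first three lines are from the post, the last three are constructed.
write_sample_log() {
    cat > "$1" <<'EOF'
1213980761.622 0 10.0.0.2 NONE/400 1497 GET /mrtg/trafego.php - NONE/- text/html
1213980783.535 0 10.0.0.2 NONE/400 1465 GET / - NONE/- text/html
1213980783.654 0 10.0.0.2 NONE/400 1487 GET /favicon.ico - NONE/- text/html
1213981000.100 120 10.0.0.3 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1213981001.200 0 10.0.0.3 TCP_DENIED/403 1400 GET http://example.com/admin - NONE/- text/html
1213981002.300 0 10.0.0.4 NONE/400 1465 GET /index.html - NONE/- text/html
EOF
}

# Stand-alone run: check the file given as $1, or the embedded sample.
log=${1:-}
if [ -z "$log" ]; then log=$(mktemp); write_sample_log "$log"; fi
check_interception_log "$log" || true
```

Run it against the live access.log after changing the iptables or squid.conf setup; a healthy intercepting proxy logs absolute http:// URLs, so the check should report OK.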
</body>
</html>