<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;">Hi list,<br><br>I have problems installing squid+tproxy on CentOS 5.2.<br>I am using the README.txt from balabit.com but it is not working: connections are not registered in access.log, but tcpdump on the gateway registers the traffic.<br>My topology: <br><br>Link &lt;&gt; GW &lt;&gt; Tproxy &lt;&gt; Server<br><br>Connections from Server register in tcpdump on the GW, but not in access.log on the Tproxy...<br><br>CentOS 5.2<br>Iptables 1.4.0<br>squid-3.HEAD-20080831<br>tproxy-iptables-1.4.0-20080521-113954-1211362794.patch<br>tproxy-kernel-2.6.25-20080519-165031-1211208631<br>Kernel 2.6.25.11<br><br>iptables -t mangle -nL<br>Chain PREROUTING (policy ACCEPT)<br>target prot opt source destination <br>DIVERT tcp
-- 0.0.0.0/0 0.0.0.0/0 socket <br>TPROXY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 TPROXY redirect 0.0.0.0:50080 mark 0x1/0x1<br><br>Chain INPUT (policy ACCEPT)<br>target prot opt source destination <br><br>Chain FORWARD (policy ACCEPT)<br>target prot opt source destination <br><br>Chain OUTPUT (policy ACCEPT)<br>target prot opt
source destination <br><br>Chain POSTROUTING (policy ACCEPT)<br>target prot opt source destination <br><br>Chain DIVERT (1 references)<br>target prot opt source destination <br>MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK set 0x1 <br>ACCEPT all --
0.0.0.0/0 0.0.0.0/0 <br><br><br>ip rule sh<br>0: from all lookup 255 <br>32765: from all fwmark 0x1 lookup 100 <br>32766: from all lookup main <br>32767: from all lookup default <br><br>ip route sh table 100<br>local default dev lo scope host <br><br>squid.conf<br>http_port 50080 transparent tproxy<br>cache_dir ufs /cache 100 16 256<br>access_log /var/logs/access.log squid<br>visible_hostname tproxy<br>acl manager proto cache_object<br>acl localhost src 127.0.0.1/32<br>acl to_localhost dst 127.0.0.0/8<br>acl localnet src 10.0.0.0/8 # RFC1918 possible internal network<br>acl localnet src 172.16.0.0/12 # RFC1918 possible internal network<br>acl localnet src 192.168.0.0/16 # RFC1918 possible internal network<br>acl ALL2 src 192.168.0.0/16<br>acl
SSL_ports port 443<br>acl Safe_ports port 80 # http<br>acl Safe_ports port 21 # ftp<br>acl Safe_ports port 443 # https<br>acl Safe_ports port 70 # gopher<br>acl Safe_ports port 210 # wais<br>acl Safe_ports port 1025-65535 # unregistered ports<br>acl Safe_ports port 280 # http-mgmt<br>acl Safe_ports port 488 # gss-http<br>acl Safe_ports port 591 # filemaker<br>acl Safe_ports port 777 # multiling http<br>acl CONNECT method CONNECT<br>http_access allow all<br>http_access allow ALL2<br>http_access allow
manager localhost<br>http_access deny manager<br>http_access deny !Safe_ports<br>http_access deny CONNECT !SSL_ports<br>http_access allow localnet<br>http_access deny all<br>icp_access allow localnet<br>icp_access deny all<br>htcp_access allow localnet<br>htcp_access deny all<br>hierarchy_stoplist cgi-bin ?<br>refresh_pattern ^ftp: 1440 20% 10080<br>refresh_pattern ^gopher: 1440 0% 1440<br>refresh_pattern -i (/cgi-bin/|\?) 0 0% 0<br>refresh_pattern . 0 20% 4320<br>icp_port 3130<br>error_directory /usr/share/errors/en<br>coredump_dir
/var/cache<br><br><br><br><br></td></tr></table><br>