Hi,

On Sun, Nov 30, 2008 at 07:13:22 +0100, Przemysław Kudyba wrote:
Hello.
I have set up a fully transparent HTTP proxy; my problem is: squid sends requests with the ip:port of the box running squid instead of the client's IP.
Here's my config:
kernel patch: tproxy4-2.6.26-200809262032
iptables patch: tproxy-iptables-1.4.0-20080521-113954-1211362794
squid: squid-3.HEAD-20081127
iptables & iproute rules:
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 80 -j TPROXY --on-port 3128 --tproxy-mark 0x1/0x1
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
squid conf:
http_port 192.168.250.2:3128 tproxy
217.97.174.18 - my laptop
212.77.100.101 - some www page

Do you have other http_ports defined? Does it change anything if you use

http_port 3128 tproxy

that is, you omit the IP from the listener config? If not, can you get detailed debug logs from squid?

--
KOVACS Krisztian
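
An added example, not part of either poster's message: a shell check that the three pieces of the quoted configuration reference each other consistently (TPROXY mark against the fwmark rule, a local route in the looked-up table, Squid's tproxy port against --on-port). The function names are hypothetical, and the check covers only these cross-references, not Squid's own behaviour.

```shell
#!/bin/sh
# Added example (not from the thread): cross-check the three parts of a TPROXY setup.
# Sample input is the configuration quoted in the thread above.
RULES='iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 80 -j TPROXY --on-port 3128 --tproxy-mark 0x1/0x1'
ROUTES='ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100'
SQUID='http_port 192.168.250.2:3128 tproxy'

# field_after TEXT WORD: print the first word that follows WORD in TEXT.
field_after() {
    printf '%s\n' "$1" | awk -v w="$2" \
        '{ for (i = 1; i < NF; i++) if ($i == w) { print $(i + 1); exit } }'
}

# to_dec VALUE: turn "0x1/0x1", "0x1" or "1" into a decimal mark ("none" if empty).
to_dec() {
    v=${1%%/*}
    if [ -n "$v" ]; then printf '%d' "$v"; else printf 'none'; fi
}

# check_tproxy RULES ROUTES SQUID: print one line per mismatch, else "consistent".
check_tproxy() {
    ok=1
    on_port=$(field_after "$1" --on-port)
    tmark=$(to_dec "$(field_after "$1" --tproxy-mark)")
    dmark=$(to_dec "$(field_after "$1" --set-mark)")
    fwmark=$(to_dec "$(field_after "$2" fwmark)")
    table=$(field_after "$2" lookup)
    sport=$(printf '%s\n' "$3" | awk '$1 == "http_port" && /tproxy/ {
        n = split($2, a, ":"); print a[n]; exit }')
    [ "$tmark" = "$fwmark" ] || { echo "TPROXY mark $tmark != ip rule fwmark $fwmark"; ok=0; }
    [ "$dmark" = "$fwmark" ] || { echo "DIVERT mark $dmark != ip rule fwmark $fwmark"; ok=0; }
    printf '%s\n' "$2" | grep -Eq "route add local .* table ${table:-none}\$" ||
        { echo "no local route in table ${table:-none}"; ok=0; }
    [ "${sport:-none}" = "$on_port" ] ||
        { echo "Squid tproxy http_port ${sport:-none} != TPROXY --on-port ${on_port:-none}"; ok=0; }
    if [ "$ok" -eq 1 ]; then echo "consistent"; fi
}

check_tproxy "$RULES" "$ROUTES" "$SQUID"
```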