Hello Arun!
The accesses from inside my squid/tproxy box aren't shown in the squid log files. I've tried your iptables rule, but it hasn't worked. My box has a real IP (internet IP) on the bridge. I can't understand why it isn't working... Squid works well, and my clients too.
Thanks!
Best Regards,
Eduardo Schoedler.
--------------------------------------------------
From: "Arun Srinivasan" <hi2arun@gmail.com>
Subject: Re: [tproxy] Squid with tproxy extra brief FAQ - take 3
Hi,
First make sure that the packets are going with source IP 127.0.0.1. If yes, then add the following rule:
$ iptables -t nat -I POSTROUTING -o <outgoing_interface> -s 127.0.0.1 -j MASQUERADE
If your packets are not going out with source IP 127.0.0.1, we may need to investigate Squid/other logs.
HTH
On 08/03/2008, Eduardo Schoedler <eschoedler@viavale.com.br> wrote:
Hi Arun!
Thanks for the answer. How can I do this? Must it be done in the tproxy table in iptables?
Thanks!
Best Regards,
Eduardo Schoedler.
--------------------------------------------------
From: "Arun Srinivasan" <hi2arun@gmail.com>
Subject: Re: [tproxy] Squid with tproxy extra brief FAQ - take 3
HTTP packets from localhost with Squid + Tproxy support would go out with source 127.0.0.1. You may need to masquerade.
On 07/03/2008, Eduardo Schoedler <eschoedler@viavale.com.br> wrote:
Just one thing I forgot... Why can't I download from inside my linux/tproxy/squid box?
# wget http://gentoo.osuosl.org/snapshots/portage-20080229.tar.bz2
--19:59:40-- http://gentoo.osuosl.org/snapshots/portage-20080229.tar.bz2
=> `portage-20080229.tar.bz2'
Resolving gentoo.osuosl.org... 140.211.166.134
Connecting to gentoo.osuosl.org|140.211.166.134|:80... failed: Connection timed out.
Retrying.
--19:59:43-- http://gentoo.osuosl.org/snapshots/portage-20080229.tar.bz2
(try: 2) => `portage-20080229.tar.bz2'
Connecting to gentoo.osuosl.org|140.211.166.134|:80...
Here are my ebtables rules:
Bridge chain: BROUTING, entries: 2, policy: ACCEPT
-p IPv4 -i eth1 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
-p IPv4 -i eth0 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP
... and here are my iptables rules:
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
TPROXY     tcp  --  anywhere             anywhere            tcp dpt:http TPROXY redirect 0.0.0.0:3128
Any idea?
Thanks in advance.
Best Regards,
Eduardo Schoedler.
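
The check Arun asks for first in the thread above (are locally generated packets leaving with source IP 127.0.0.1?), as an added example that is not part of the original messages. It assumes text output from `tcpdump -n` captured on the outgoing interface; the function names and the sample capture are constructed for illustration.

```shell
#!/bin/sh
# Added example: find packets seen on the outgoing interface whose source is
# loopback (127.0.0.0/8) while the destination is not. Such packets get no
# usable reply path unless they are source-NATed (e.g. the MASQUERADE rule).

# Reads `tcpdump -n` text lines on stdin.
# Prints one line per flow: "src_ip dst_ip dst_port packet_count".
loopback_leaks() {
    awk '
    $2 == "IP" && $4 == ">" {
        src = $3; dst = $5
        sub(/:$/, "", dst)              # tcpdump ends the destination with a colon
        n = split(src, s, "."); m = split(dst, d, ".")
        if (n != 5 || m != 5) next      # need a.b.c.d.port on both sides (skips ICMP)
        if (s[1] != "127") next         # source is not loopback: normal traffic
        if (d[1] == "127") next         # loopback to loopback: local traffic, fine
        key = s[1] "." s[2] "." s[3] "." s[4] " " \
              d[1] "." d[2] "." d[3] "." d[4] " " d[5]
        seen[key]++
    }
    END { for (k in seen) print k, seen[k] }
    ' | sort
}

# Constructed sample capture (not taken from the thread): two SYN retries from
# the proxy box itself, one client flow, one local Squid connection, one ARP line.
sample_capture() {
cat <<'EOF'
19:59:40.000001 IP 127.0.0.1.43210 > 140.211.166.134.80: Flags [S], seq 1, win 5840, length 0
19:59:43.000002 IP 127.0.0.1.43210 > 140.211.166.134.80: Flags [S], seq 1, win 5840, length 0
19:59:44.000003 IP 192.0.2.10.51000 > 140.211.166.134.80: Flags [S], seq 7, win 5840, length 0
19:59:45.000004 IP 127.0.0.1.40000 > 127.0.0.1.3128: Flags [S], seq 9, win 32767, length 0
19:59:46.000005 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
EOF
}

# Live use would be along the lines of:
#   tcpdump -n -i <outgoing_interface> tcp port 80 | loopback_leaks
sample_capture | loopback_leaks
```

An empty result means the packets are not leaving with a loopback source, which is the case where Arun suggests turning to the Squid and other logs instead.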