Hello everyone.
Setup:
CentOS 5.1
Kernel: Linux centos5.a3rocks.com 2.6.25.5 #1 SMP Sun Jun 8 11:15:19 EDT 2008 i686 athlon i386 GNU/Linux
tproxy patch: tproxy-kernel-2.6.25-20080519-165031-1211208631.tar.bz2
iptables: 1.4
iptables patch: tproxy-iptables-1.4.0-20080521-113954-1211362794.patch
I think everything went well on the patching of the kernel and patching of iptables. So here is where I am. I am using the latest version of haproxy, which should work.
I think the issue that I am having is due to the iptables. I don't think iptables is letting haproxy connect to the secondary host server. So haproxy is listening on port 50080, which is where I have tproxy sitting. Please take a look at my iptables entry and tell me if I am missing anything. I can see that my connection hits the proxy server, but it does not relay to the secondary host.
Here is my iptables:
echo 1 > /proc/sys/net/ipv4/ip_forward
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 50080
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
/usr/local/sbin/iptables -t mangle -N DIVERT
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
/usr/local/sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1
/usr/local/sbin/iptables -t mangle -A DIVERT -j ACCEPT
The IP for the proxy, where tproxy is sitting, is 192.168.0.4 and the host server (running IIS) is 192.1680.06.
I would like to use squid, but I am not familiar with it, like I am with haproxy.
Any info would be appreciated. I am stuck now.
Thanks.
Mike