Hi, On Thu, Jun 11, 2009 at 03:49:39 -0300, renato@univem.edu.br wrote:
Ok, friends, just to leave it in the list's archives for other ppl with the same problem, to run the TPROXY v4 with the last kernel and last squid 3.1, considering a br0 bridge with eth0 for the Internet and eth1 for the users/LAN/Intranet, you need to follow the instructions in the documentation and, for the rules, use:
-----------
# pull port-80 traffic out of the bridge path so it is routed (both directions)
ebtables -t broute -I BROUTING -i eth1 -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
ebtables -t broute -I BROUTING -i eth0 -p ipv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP
# mark packets that already belong to a local (proxy) socket
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
# hand new LAN connections to squid's tproxy port, marking them as well
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
echo 1 > /proc/sys/net/ipv4/ip_forward
# marked packets are delivered locally via table 100
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
# stop the bridge from passing frames through iptables a second time
cd /proc/sys/net/bridge/
for i in *
do
    echo 0 > $i
done
unset i
# ip route flush cache
ip ro flu ca
------------------------------
Works like a charm!!
Thanks for the nice summary. We'll try and include the bridging-related parts in the kernel documentation. -- KOVACS Krisztian
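The rule set quoted above, turned into a small parametrized script as an added example (this is not code from the thread or from the TPROXY/squid projects): it emits the same ebtables/iptables/ip commands for any pair of bridge ports, port number, mark and table, applies them on request, and includes an offline checker for the policy-routing half that works on the text of `ip rule show` and `ip route show table 100`. Interface names, ports, mark and table default to the thread's values; the function names, the `TPROXY_APPLY` switch and the sample command output are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the thread: generate the bridge+TPROXY rule set from
# parameters and check the policy-routing half offline.
# Defaults are the thread's values; function names, the TPROXY_APPLY switch and
# the sample output below are assumptions.

LAN_IF=${LAN_IF:-eth1}            # bridge port facing the users / LAN
WAN_IF=${WAN_IF:-eth0}            # bridge port facing the Internet
PORT=${PORT:-80}                  # client traffic to intercept
TPROXY_PORT=${TPROXY_PORT:-3129}  # squid's tproxy http_port
MARK=${MARK:-1}                   # fwmark that steers packets into the local table
TABLE=${TABLE:-100}               # routing table holding the "local 0.0.0.0/0" route

# Print the rule set, one command per line, in the order it must be applied.
tproxy_rules() {
    cat <<EOF
ebtables -t broute -I BROUTING -i $LAN_IF -p ipv4 --ip-proto tcp --ip-dport $PORT -j redirect --redirect-target DROP
ebtables -t broute -I BROUTING -i $WAN_IF -p ipv4 --ip-proto tcp --ip-sport $PORT -j redirect --redirect-target DROP
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark $MARK
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -i $LAN_IF -p tcp --dport $PORT -j TPROXY --tproxy-mark $MARK/$MARK --on-port $TPROXY_PORT
ip rule add fwmark $MARK lookup $TABLE
ip route add local 0.0.0.0/0 dev lo table $TABLE
EOF
}

# Apply the rules plus the sysctl changes from the thread (needs root).
tproxy_apply() {
    tproxy_rules | sh -e
    echo 1 > /proc/sys/net/ipv4/ip_forward
    for f in /proc/sys/net/bridge/*; do echo 0 > "$f"; done
    ip route flush cache
}

# Offline check of the policy-routing half. Arguments: the text printed by
# "ip rule show" and by "ip route show table $TABLE". Returns 0 only if the
# fwmark rule and the local catch-all route are both present.
tproxy_check_routing() {
    mark_hex=$(printf '0x%x' "$MARK")   # ip rule prints marks in hex
    status=0
    if ! printf '%s\n' "$1" | grep -q "fwmark $mark_hex lookup $TABLE"; then
        echo "missing: ip rule fwmark $mark_hex lookup $TABLE" >&2
        status=1
    fi
    if ! printf '%s\n' "$2" | grep -Eq "^local (default|0\.0\.0\.0/0) dev lo"; then
        echo "missing: local 0.0.0.0/0 route in table $TABLE" >&2
        status=1
    fi
    return $status
}

# Constructed sample output (not captured from a real host): what the two
# commands print once the rules are in place.
SAMPLE_RULES='0:	from all lookup local
32765:	from all fwmark 0x1 lookup 100
32766:	from all lookup main
32767:	from all lookup default'
SAMPLE_ROUTES='local default dev lo scope host'

if [ "${TPROXY_APPLY:-0}" = 1 ]; then
    tproxy_apply
else
    tproxy_rules
    tproxy_check_routing "$SAMPLE_RULES" "$SAMPLE_ROUTES" && echo "routing check: ok"
fi
```

Run it as-is to print the rule set and exercise the checker against the constructed sample; run `TPROXY_APPLY=1 sh tproxy-bridge.sh` as root to apply. On a live host, feed the checker real output with `tproxy_check_routing "$(ip rule show)" "$(ip route show table 100)"` to confirm the two lines most often forgotten after a reboot are present.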