Thanks to Michael for this help, I've got a working install of Slackware 13 going and have squid running when I set it manually but TPROXY still results in a hanging connection. This is a bridged setup and I've done the ebtables rules but it doesn't seem to be doing the trick. Is there anyone here who has a working bridged setup?

Regards
Tristram

On 8 March 2010 17:02, Michael 'Moose' Dinn <michael.dinn@airfire.ca> wrote:
We're doing it in router mode, and it's pretty darn easy.
Were you doing it in a bridge or in router "mode" and did you follow any guides/outlines of what to do?
Get squid running non-transparently first so you can configure a browser to point at it. That means all your ACLs are correct.
add to squid.conf:
http_port 3129 tproxy
and restart squid
then, after you get the latest iptables, run:
/sbin/ip rule add fwmark 1 lookup 100
/sbin/ip route add local 0.0.0.0/0 dev lo table 100

/usr/sbin/iptables -F -t mangle
/usr/sbin/iptables -t mangle -N MDIVERT
/usr/sbin/iptables -t mangle -A MDIVERT -j MARK --set-mark 1
/usr/sbin/iptables -t mangle -A MDIVERT -j ACCEPT

#Use DIVERT to prevent existing connections going through TPROXY twice:
/usr/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j MDIVERT

/usr/sbin/iptables -t mangle -A PREROUTING -p tcp -s SOURCE.IP.RANGE.TO/PROXY --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
replace the "source.ip.range.to/proxy" with whatever your proxy-able address space is and you're good to go.
enjoy!
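The rule set above, as an added example that is not part of the thread: a POSIX sh script that parameterises the client range and squid port, rejects a malformed CIDR before touching the firewall (a bad range would otherwise proxy nothing, or everything), keeps the socket-match rule ahead of the TPROXY rule, and with DRY_RUN=1 only prints the commands it would run. The function names valid_cidr, tproxy_rules and run are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the mailing-list post. Run as root on the proxy
# host; set DRY_RUN=1 to print the commands instead of executing them.

valid_cidr() {
    # Accept only a.b.c.d/n with 0<=octet<=255 and 0<=n<=32.
    case "$1" in *[!0-9./]*|*/*/*|/*|*/|"") return 1 ;; esac
    addr="${1%/*}"; mask="${1#*/}"
    [ "$addr" != "$1" ] || return 1            # no "/" at all
    [ "$mask" -le 32 ] 2>/dev/null || return 1
    oldifs="$IFS"; IFS=.
    set -- $addr
    IFS="$oldifs"
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

run() {
    # Echo in dry-run mode, otherwise execute the command as given.
    if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi
}

tproxy_rules() {
    range="$1"; port="${2:-3129}"   # 3129 is the http_port ... tproxy from squid.conf
    valid_cidr "$range" || { echo "bad CIDR: $range" >&2; return 1; }
    # Marked packets are routed to the local host via table 100.
    run ip rule add fwmark 1 lookup 100
    run ip route add local 0.0.0.0/0 dev lo table 100
    # Note: -F clears the whole mangle table, as in the original post.
    run iptables -t mangle -F
    run iptables -t mangle -N MDIVERT
    run iptables -t mangle -A MDIVERT -j MARK --set-mark 1
    run iptables -t mangle -A MDIVERT -j ACCEPT
    # Socket match first: packets of connections squid already owns are
    # marked and accepted, so they never hit TPROXY a second time.
    run iptables -t mangle -A PREROUTING -p tcp -m socket -j MDIVERT
    run iptables -t mangle -A PREROUTING -p tcp -s "$range" --dport 80 \
        -j TPROXY --tproxy-mark 0x1/0x1 --on-port "$port"
}
```

After applying for real, `ip rule show` should list `from all fwmark 0x1 lookup 100` and `iptables -t mangle -L PREROUTING -n` should show the socket rule above the TPROXY rule.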