Thanks to Michael for this help.

I've got a working install of Slackware 13 going and have squid running when I set it manually, but TPROXY still results in a hanging connection. This is a bridged setup and I've done the ebtables rules, but it doesn't seem to be doing the trick.

Is there anyone here who has a working bridged setup?

Regards

Tristram

On 8 March 2010 17:02, Michael 'Moose' Dinn <michael.dinn@airfire.ca> wrote:

We're doing it in router mode, and it's pretty darn easy.

> Were you doing it in a bridge or in router "mode" and did you follow any
> guides/outlines of what to do?

Get squid running non-transparently first so you can configure a browser to
point at it. That means all your ACLs are correct.

Add to squid.conf:

http_port 3129 tproxy

and restart squid.


Then, after you get the latest iptables, run:

# policy routing: packets carrying fwmark 1 are delivered to the local stack
/sbin/ip rule add fwmark 1 lookup 100
/sbin/ip route add local 0.0.0.0/0 dev lo table 100

/usr/sbin/iptables -F -t mangle
# -F only empties the chains; delete MDIVERT too so -N does not fail on a re-run
/usr/sbin/iptables -t mangle -X MDIVERT 2>/dev/null
/usr/sbin/iptables -t mangle -N MDIVERT
/usr/sbin/iptables -t mangle -A MDIVERT -j MARK --set-mark 1
/usr/sbin/iptables -t mangle -A MDIVERT -j ACCEPT

# Use MDIVERT so packets of existing (already proxied) connections do not go through TPROXY twice:
/usr/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j MDIVERT

# new client connections to port 80 from the proxied range are diverted to squid's tproxy port
/usr/sbin/iptables -t mangle -A PREROUTING -p tcp -s SOURCE.IP.RANGE.TO/PROXY --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129

Replace "SOURCE.IP.RANGE.TO/PROXY" with whatever your proxy-able address
space is, and you're good to go.

Enjoy!
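To pull Michael's rules into one re-runnable script, and to cover the bridged case Tristram asks about, here is an added example. It is not code from either message: the client range 192.168.1.0/24, the bridge name br0 and the "apply" argument are assumptions; the sysctl lines (ip_forward, rp_filter, bridge-nf-call-iptables) and the ebtables broute rules come from the standard TPROXY-on-a-bridge recipe rather than from this thread. Without "apply" it only prints the commands it would run, so it can be checked before touching a live box.

```shell
#!/bin/sh
# Added example (not from either post): re-runnable TPROXY setup for Squid.
# Router mode follows the rules quoted above; the bridge section is the
# standard ebtables "broute" recipe for a bridged box.
# Usage: ./tproxy.sh apply   (as root)   - with no argument, dry run only.
#
# Assumed values - adjust to your network:
CLIENT_NET="${CLIENT_NET:-192.168.1.0/24}"   # assumed proxy-able client range
PROXY_PORT="${PROXY_PORT:-3129}"             # must match "http_port 3129 tproxy"
BRIDGE="${BRIDGE:-}"                         # set to e.g. br0 on a bridged box
MARK=1                                       # fwmark shared by MDIVERT and TPROXY
TABLE=100                                    # routing table for marked packets
DRY_RUN=1

run() {
    # Print the command in dry-run mode, execute it otherwise.
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

tproxy_sysctls() {
    # Forwarding for router mode; rp_filter off so replies whose source is
    # the origin server's address (spoofed by the proxy) are not discarded.
    run sysctl -w net.ipv4.ip_forward=1
    run sysctl -w net.ipv4.conf.all.rp_filter=0
    run sysctl -w net.ipv4.conf.default.rp_filter=0
}

tproxy_policy_routing() {
    # Marked packets are delivered locally even though their destination
    # address is not one of ours.
    run ip rule del fwmark "$MARK" lookup "$TABLE" 2>/dev/null || true
    run ip rule add fwmark "$MARK" lookup "$TABLE"
    run ip route replace local 0.0.0.0/0 dev lo table "$TABLE"
}

tproxy_mangle_rules() {
    run iptables -t mangle -F
    # -F only empties chains; without -X a second run fails at -N.
    run iptables -t mangle -X MDIVERT 2>/dev/null || true
    run iptables -t mangle -N MDIVERT
    run iptables -t mangle -A MDIVERT -j MARK --set-mark "$MARK"
    run iptables -t mangle -A MDIVERT -j ACCEPT
    # Packets that already belong to a local socket (established proxied
    # connections) are marked and accepted before TPROXY sees them again.
    run iptables -t mangle -A PREROUTING -p tcp -m socket -j MDIVERT
    # New client connections to port 80 are diverted to Squid's tproxy port.
    run iptables -t mangle -A PREROUTING -p tcp -s "$CLIENT_NET" --dport 80 \
        -j TPROXY --tproxy-mark "0x${MARK}/0x${MARK}" --on-port "$PROXY_PORT"
}

tproxy_bridge_rules() {
    # A bridge switches frames at layer 2, so port-80 traffic never reaches
    # the IP stack (and the mangle rules) unless ebtables pulls it out of the
    # bridge path first. Nothing to do in router mode.
    [ -n "$BRIDGE" ] || return 0
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
    run sysctl -w "net.ipv4.conf.${BRIDGE}.rp_filter=0"
    run ebtables -t broute -F
    # --ip-proto 6 is TCP; in BROUTING, DROP means "hand the frame to routing".
    run ebtables -t broute -A BROUTING -p ipv4 --ip-proto 6 --ip-dport 80 \
        -j redirect --redirect-target DROP
    run ebtables -t broute -A BROUTING -p ipv4 --ip-proto 6 --ip-sport 80 \
        -j redirect --redirect-target DROP
}

case "${1:-}" in
    apply) DRY_RUN=0 ;;
    *)     DRY_RUN=1 ;;   # anything else: only show the commands
esac
tproxy_sysctls
tproxy_policy_routing
tproxy_mangle_rules
tproxy_bridge_rules
```

Run it once without arguments, compare the printed commands against the rules above, then run it with "apply" as root. If connections still hang on a bridge, the two settings this script adds that the rules alone do not are bridge-nf-call-iptables (so the mangle table sees bridged frames at all) and rp_filter (so the kernel does not drop the proxy's replies, which carry the origin server's address as source).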