Re: [tproxy] TPROXY but without bridging?
On Tue, April 1 2008, 10:26, Laszlo Attila Toth wrote:
admin@abp.pl wrote:
I wrote below my progress in implementing tproxy to work with squid-2.6. I have only one problem.
--- On routers A,B.. (from my topology diagram) (eth1 is lan interface)
$BIN_IPT -t mangle -A PREROUTING -i eth1 -m state --state NEW -p tcp --dport 80 -j CONNMARK --set-mark 2
$BIN_IPT -t mangle -A PREROUTING -i eth1 -j CONNMARK --restore-mark
ip route add table 100 default via [squid_ip]
ip rule add fwmark 2 lookup 100
--- On router 0: (eth1 is lan interface,eth0 wan interface)
iptables -t mangle -A PREROUTING -i eth1 -m state --state NEW -p tcp --dport 80 -j CONNMARK --set-mark 1
iptables -t mangle -A PREROUTING -i eth0 -j CONNMARK --restore-mark
--- On squid:
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3128
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
and on the squid machine I also have routing entries for all routable subclasses from routers a,b,c...
on squid.conf:
http_port 3128 transparent tproxy
# uname -a
Linux w3cache 2.6.25-rc7 (patched by tproxy-20080227-171356-1204128836.tar.bz2)
I also attached the output from dmesg | grep TPROXY.
Squid patched by tproxy-squid-2.6-STABLE18.20080304-110716-1204625236.patch
Traffic flows through squid correctly but, like you said, web servers outside the network log connections with the IP of the squid machine, not the clients'. Is there any chance to fix it?
The latest squid-3 patch solves this problem but I haven't got the same for squid-2.6. The squid-3 patch is made by Amos Jeffries and I added two diffs to the end of it (if you see the content).
Squid-3 is still worse than squid-2.6 (coss implementation etc.). I didn't see benefits from the possibility of migrating to squid-3. So is there any chance to quickly modify the patch for the 2.5 version of squid?
Regards,
--
Tomasz