What exactly are the redirection rules for wccp/iptables 1.4/squid 2.6/tproxy look like? I have browsed the Internet plus messed with it for a while now and found that the README rules don't fully work, and the examples on the Internet don't fully work. Symptomatically, I see the router redirecting via the GRE tunnel, the squid box sees the gre packets (2.6 kernel), but ifconfig does not show the GRE interface counters incrementing, and the squid service run in debug mode shows no transactions. Something is wrong with either my iptables rules or my GRE tunnel setup. I don't think it is the GRE tunnel because I set it up the same exact was as I did the non-tproxy squid boxes that I have in the same setup which are working. Any help would be a appreciated. I can provide my rule setup, etc. if needed. My knowledge and direct interaction is limited with iptables, which is one more reason why I think the problem is there. BTW - my system log does show the tproxy module loading. Nick
Ritter, Nicholas wrote:
What exactly are the redirection rules for wccp/iptables 1.4/squid 2.6/tproxy look like? I have browsed the Internet plus messed with it for a while now and found that the README rules don't fully work, and
Could you tell, what is the problem with the rules in README? That is for TProxy 4.1. In fact, Squid-2.6 doesn't spoof the client's IP but it works with TProxy. Only Squid version 3.1 has full TProxy 4.1 support. For cttproxy2 propably this is a good article: http://web.suffieldacademy.org/ils/netadmin/docs/software/squid/
the examples on the Internet don't fully work.
Symptomatically, I see the router redirecting via the GRE tunnel, the squid box sees the gre packets (2.6 kernel), but ifconfig does not show the GRE interface counters incrementing, and the squid service run in debug mode shows no transactions. Something is wrong with either my iptables rules or my GRE tunnel setup. I don't think it is the GRE tunnel because I set it up the same exact was as I did the non-tproxy squid boxes that I have in the same setup which are working.
Any help would be a appreciated. I can provide my rule setup, etc. if needed. My knowledge and direct interaction is limited with iptables, which is one more reason why I think the problem is there. BTW - my system log does show the tproxy module loading.
Nick
-- Panther
Laszlo Attila Toth wrote:
Ritter, Nicholas wrote:
What exactly are the redirection rules for wccp/iptables 1.4/squid 2.6/tproxy look like? I have browsed the Internet plus messed with it for a while now and found that the README rules don't fully work, and
Could you tell, what is the problem with the rules in README? That is for TProxy 4.1. In fact, Squid-2.6 doesn't spoof the client's IP but it works with TProxy.
Only Squid version 3.1 has full TProxy 4.1 support.
For cttproxy2 propably this is a good article:
http://web.suffieldacademy.org/ils/netadmin/docs/software/squid/
I have tested wccp/iptables1.4/squid2.6/tproxy to be working with Cisco router. But of course this is just a lab test. Basically the setup needed is very similar to using squid in wccp without tproxy, with minor difference.
the examples on the Internet don't fully work.
Symptomatically, I see the router redirecting via the GRE tunnel, the squid box sees the gre packets (2.6 kernel), but ifconfig does not show the GRE interface counters incrementing, and the squid service run in debug mode shows no transactions. Something is wrong with either my iptables rules or my GRE tunnel setup. I don't think it is the GRE tunnel because I set it up the same exact was as I did the non-tproxy squid boxes that I have in the same setup which are working.
Any help would be a appreciated. I can provide my rule setup, etc. if needed. My knowledge and direct interaction is limited with iptables, which is one more reason why I think the problem is there. BTW - my system log does show the tproxy module loading.
Your attempt to perform the setup should be provided and posted here. I don't think we will be too interested to ask it from you. :-) Cheers
participants (3)
-
Laszlo Attila Toth
-
Ming-Ching Tiew
-
Ritter, Nicholas