[tproxy] Tproxy + Squid 2.6
Enrico Demarin (home)
enricod at videotron.ca
Thu Sep 14 04:32:16 CEST 2006
( re-sending, sent it from an unsubscribed address )
Hi everyone,
I posted this on squid.users, but maybe someone here can be helpful as
well (especially in clarifying whether cttproxy will or will not work
with a bridge).
I am using a vanilla 2.4.33.3 kernel, with the last 2.4.33 cttproxy
patch 2.0.5 and the latest ebtables patch.
I am trying to get squid 2.6 + cttproxy to work on a transparently
bridged environment, with scarce results.
The bridging works fine, squid is compiled with tproxy support , and has
the following directives ( among the others):
http_port 3128 transparent tproxy vhost vport=80
always_direct allow all
I enable the redirection as follows:
ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
iptables -t tproxy -A PREROUTING -i br0 -p tcp --dport 80 -j TPROXY --on-port 3128
However, Squid doesn't seem to be able to spoof the original IP.
All I get is a bunch of:
2006/09/13 01:01:55| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR ASSIGN
2006/09/13 01:01:55| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR ASSIGN
2006/09/13 01:01:55| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR ASSIGN
2006/09/13 01:03:16| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR ASSIGN
2006/09/13 01:03:29| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR ASSIGN
The br0 interface has an assigned IP of 10.0.0.254, in the same subnet
as 10.0.0.200 (the client).
Did anyone get squid+cttproxy to work on a bridge? What am I missing?
thanks for your answer,
Enrico
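
The following is an added example, not part of the original post and not Squid or cttproxy code: a small parser for the "ERROR ASSIGN" lines quoted above that re-joins entries wrapped by a mail archive and tallies failures per address. It assumes the hex field is the same IPv4 address printed as a 32-bit integer on a little-endian host (0xc800000a read byte-reversed gives 10.0.0.200, matching the post); the function names are hypothetical.

```python
import re
import socket
import struct

# Log lines taken from the post; the last entry is left wrapped the way
# the mail archive displayed it, to exercise the re-joining step.
SAMPLE_LOG = """\
2006/09/13 01:01:55| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR ASSIGN
2006/09/13 01:01:55| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR ASSIGN
2006/09/13 01:01:55| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR ASSIGN
2006/09/13 01:03:16| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR ASSIGN
2006/09/13 01:03:29| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR
ASSIGN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\| tproxy "
    r"ip=(?P<ip>\d+\.\d+\.\d+\.\d+),0x(?P<raw>[0-9a-fA-F]{1,8}),"
    r"port=(?P<port>\d+) ERROR ASSIGN\s*$"
)

def decode_raw(raw_hex):
    """Assumption: the field is in_addr.s_addr printed with %x on a
    little-endian host, so the bytes are packed back least significant first."""
    return socket.inet_ntoa(struct.pack("<I", int(raw_hex, 16)))

def summarize(log_text):
    """Return ({ip: {"count", "first", "last"}}, [lines whose hex != ip])."""
    # Undo mail-archive wrapping that split "ERROR" and "ASSIGN".
    text = re.sub(r"ERROR[ \t]*\n[ \t]*ASSIGN", "ERROR ASSIGN", log_text)
    stats, mismatches = {}, []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a tproxy assignment failure
        ip, ts = m.group("ip"), m.group("ts")
        entry = stats.setdefault(ip, {"count": 0, "first": ts, "last": ts})
        entry["count"] += 1
        entry["last"] = ts
        if decode_raw(m.group("raw")) != ip:
            mismatches.append(line)
    return stats, mismatches

if __name__ == "__main__":
    stats, mismatches = summarize(SAMPLE_LOG)
    for ip, e in stats.items():
        print(f"{ip}: {e['count']} failures, {e['first']} .. {e['last']}")
    print("hex/ip mismatches:", len(mismatches))
```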