[tproxy] TPROXY but without bridging?

[Laszlo Attila Toth]

admin at abp.pl wrote:
> Hello,
> 
> I wrote bellow my progress in implementation tproxy to work with
> squid-2.6. I have only one problem.
> 
> 
> ---
> On routers A,B.. (from my topology diagram)
> (eth1 is lan interface)
> 
> $BIN_IPT -t mangle -A PREROUTING -i eth1 -m state --state NEW -p tcp
> --dport 80 -j CONNMARK --set-mark 2
> $BIN_IPT -t mangle -A PREROUTING -i eth1 -j CONNMARK --restore-mark
> 
> ip route add table 100 default via [squid_ip]
> ip rule add fwmark 2 lookup 100
> 
> ---
> On router 0:
> (eth1 is lan interface,eth0 wan interface)
> iptables -t mangle -A PREROUTING -i eth1 -m state --state NEW -p tcp
> --dport 80 -j CONNMARK --set-mark 1
> iptables -t mangle -A PREROUTING -i eth0 -j CONNMARK --restore-mark
> 
> ---
> On squid:
> iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark
> 0x1/0x1 --on-port 3128
> iptables -t mangle -N DIVERT
> iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
> iptables -t mangle -A DIVERT -j MARK --set-mark 1
> iptables -t mangle -A DIVERT -j ACCEPT
> ip rule add fwmark 1 lookup 100
> ip route add local 0.0.0.0/0 dev lo table 100
> 
> and on squid machine i have also routing entries for all routable
> subclasses from routers a,b,c...
> 
> on squid.conf:
> http_port 3128 transparent tproxy
> 
> #uname -a
> Linux w3cache 2.6.25-rc7
> (patched by tproxy-20080227-171356-1204128836.tar.bz2)
> 
> I atached also output from dmesg | grep TPROXY.
> 
> Squid patched by tproxy-squid-2.6-STABLE18.20080304-110716-1204625236.patch
> 
> Traffic flows by squid correctly but like you said web servers outside
> network logs connections with ip of squid machine - not clients. Is any
> chance to fix it?

The latest squid-3 patch solves this problem but I haven't got the same 
for squid-2.6. The squid-3 patch is made by Amos Jeffries and I added 
two diffs to the end of it (if you see the content).

--
Panther