[tproxy] Iptables rules

Ming-Ching Tiew mingching.tiew at redtone.com
Tue Jun 3 14:59:43 CEST 2008

Laszlo Attila Toth wrote:
> Ritter, Nicholas wrote:
>> What exactly are the redirection rules for wccp/iptables 1.4/squid
>> 2.6/tproxy look like? I have browsed the Internet plus messed with it
>> for a while now and found that the README rules don't fully work, and
> Could you tell, what is the problem with the rules in README? That is 
> for TProxy 4.1. In fact, Squid-2.6 doesn't spoof the client's IP but it 
> works with TProxy.
> Only Squid version 3.1 has full TProxy 4.1 support.
> For cttproxy2 propably this is a good article:
> http://web.suffieldacademy.org/ils/netadmin/docs/software/squid/

I have tested wccp/iptables1.4/squid2.6/tproxy to be working
with Cisco router. But of course this is just a lab test. Basically
the setup needed is very similar to using squid in wccp without
tproxy,  with minor difference.

>> the examples on the Internet don't fully work.
>> Symptomatically, I see the router redirecting via the GRE tunnel, the
>> squid box sees the gre packets (2.6 kernel), but ifconfig does not show
>> the GRE interface counters incrementing, and the squid service run in
>> debug mode shows no transactions. Something is wrong with either my
>> iptables rules or my GRE tunnel setup. I don't think it is the GRE
>> tunnel because I set it up the same exact was as I did the non-tproxy
>> squid boxes that I have in the same setup which are working.
>> Any help would be a appreciated. I can provide my rule setup, etc. if
>> needed. My knowledge and direct interaction is limited with iptables,
>> which is one more reason why I think the problem is there. BTW - my
>> system log does show the tproxy module loading.

Your attempt to perform the setup should be provided and posted here.
I don't think we will be too interested to ask it from you. :-)


More information about the tproxy mailing list