[tproxy] CentOS 5.1 and Tproxy4
Mike Adkins
mike at a3rocks.com
Wed Jun 11 17:28:11 CEST 2008
Hello everyone.
Setup:
CentOS 5.1
Kernel: Linux centos5.a3rocks.com 2.6.25.5 #1 SMP Sun Jun 8 11:15:19 EDT 2008 i686 athlon i386 GNU/Linux
tproxy patch: tproxy-kernel-2.6.25-20080519-165031-1211208631.tar.bz2
iptables: 1.4
iptables patch: tproxy-iptables-1.4.0-20080521-113954-1211362794.patch
I think everything went well on the patching of the kernel and patching of iptables. So here is where I am. I am using the latest version of haproxy, which should work.
I think the issue that I am having is due to the iptables. I don't think iptables is letting haproxy connect to the secondary host server. So haproxy is listening on port 50080, which is where I have tproxy sitting. Please take a look at my iptables entry and tell me if I am missing anything. I can see that my connection hits the proxy server, but it does not relay to the secondary host.
Here is my iptables:
echo 1 > /proc/sys/net/ipv4/ip_forward
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 50080
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
/usr/local/sbin/iptables -t mangle -N DIVERT
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
/usr/local/sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1
/usr/local/sbin/iptables -t mangle -A DIVERT -j ACCEPT
The ip for the proxy, where tproxy is sitting is 192.168.0.4 and the host server(running IIS) is 192.1680.06.
I would like to use squid, but I am not familiar with it, like I am with haproxy.
Any info would be appreciated. I am stuck now.
Thanks.
Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/tproxy/attachments/20080611/038dc5bd/attachment.htm
More information about the tproxy
mailing list