[tproxy] Squid with tproxy extra brief FAQ - take 3

Eduardo Schoedler eschoedler at viavale.com.br
Mon Mar 10 22:16:36 CET 2008


Just something else...

If I remove the ebtables (broute) / iptables (tproxy) rules, my box can 
access the other servers via http.
Thanks in advance!


Best Regards,

Eduardo Schoedler.


--------------------------------------------------
From: "Eduardo Schoedler" <eschoedler at viavale.com.br>
Subject: Re: [tproxy] Squid with tproxy extra brief FAQ - take 3

Hello Arun!

The accesses from inside my squid/tproxy box aren't shown in squid log files.
I've tried your iptables rule, but it hasn't worked.

My box has a real IP (internet IP) in the bridge.
I can't understand why it isn't working...

The squid works well, and my clients too.

Thanks!

Best Regards,

Eduardo Schoedler.


--------------------------------------------------
From: "Arun Srinivasan" <hi2arun at gmail.com>
Subject: Re: [tproxy] Squid with tproxy extra brief FAQ - take 3

Hi,

First make sure that the packets are going with source IP 127.0.0.1.

If yes, then add the following rule:

$ iptables -t nat -I POSTROUTING -o <outgoing_interface> -s 127.0.0.1 -j MASQUERADE

If your packets are not going out with source IP 127.0.0.1, we may
need to investigate Squid/other logs.

HTH

On 08/03/2008, Eduardo Schoedler <eschoedler at viavale.com.br> wrote:
> Hi Arun!
>
>  Thanks for the answer.
>  How can I do this ?
>  It must be done in tproxy table in iptables?
>
>  Thanks!
>
>  Best Regards,
>
>  Eduardo Schoedler.
>
>
>
>  --------------------------------------------------
>  From: "Arun Srinivasan" <hi2arun at gmail.com>
>  Subject: Re: [tproxy] Squid with tproxy extra brief FAQ - take 3
>
>
>  HTTP packets from localhost with Squid + Tproxy support would go out
>  with source 127.0.0.1. You may need to masquerade.
>
>  On 07/03/2008, Eduardo Schoedler <eschoedler at viavale.com.br> wrote:
>  > Just one thing I forgot...
>  >  Why can't I download from inside my linux/tproxy/squid box ?
>  >
>  >
>  >   # wget http://gentoo.osuosl.org/snapshots/portage-20080229.tar.bz2
>  >  --19:59:40--  http://gentoo.osuosl.org/snapshots/portage-20080229.tar.bz2
>  >            => `portage-20080229.tar.bz2'
>  >  Resolving gentoo.osuosl.org... 140.211.166.134
>  >  Connecting to gentoo.osuosl.org|140.211.166.134|:80... failed: Connection timed out.
>  >  Retrying.
>  >
>  >  --19:59:43--  http://gentoo.osuosl.org/snapshots/portage-20080229.tar.bz2
>  >   (try: 2) => `portage-20080229.tar.bz2'
>  >  Connecting to gentoo.osuosl.org|140.211.166.134|:80...
>  >
>  >
>  >  Here's my ebtables rules:
>  >
>  >  Bridge chain: BROUTING, entries: 2, policy: ACCEPT
>  >  -p IPv4 -i eth1 --ip-proto tcp --ip-dport 80 -j redirect  --redirect-target DROP
>  >  -p IPv4 -i eth0 --ip-proto tcp --ip-sport 80 -j redirect  --redirect-target DROP
>  >
>  >
>  >  ... and here my iptables rules:
>  >
>  >  Chain PREROUTING (policy ACCEPT)
>  >  target     prot opt source               destination
>  >  TPROXY     tcp  --  anywhere             anywhere            tcp dpt:http TPROXY redirect 0.0.0.0:3128
>  >
>  >  Any idea?
>  >
>  >  Thanks in advance.
>  >
>  >  Best Regards,
>  >
>  >
>  >  Eduardo Schoedler. 
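
Added example, not part of the original thread: one way to carry out the check suggested above (which source address the box's own HTTP connections leave with) is to capture SYNs on the outgoing interface with `tcpdump -nn` and tally the source addresses. The function names, the interface `eth0` and the sample capture lines are constructed for illustration; only the destination 140.211.166.134 comes from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Tally source addresses of TCP
# packets to port 80 in `tcpdump -nn` text output and flag loopback sources.
#
# Live use (interface name eth0 is an assumption):
#   tcpdump -nn -l -i eth0 'tcp dst port 80 and tcp[tcpflags] & tcp-syn != 0' \
#     | summarize_http_sources

summarize_http_sources() {
    awk '
    # Expected line shape:
    #   19:59:40.000001 IP 127.0.0.1.43210 > 140.211.166.134.80: Flags [S], ...
    $2 == "IP" && $4 == ">" {
        src = $3; dst = $5
        sub(/:$/, "", dst)                 # drop the trailing colon
        n = split(dst, d, ".")             # a.b.c.d.port
        if (n != 5 || d[5] != "80") next   # only HTTP destinations
        n = split(src, s, ".")
        if (n != 5) next
        ip = s[1] "." s[2] "." s[3] "." s[4]
        count[ip]++
    }
    END {
        for (ip in count) {
            tag = (ip ~ /^127\./) ? "LOOPBACK" : "ok"
            printf "%s %d %s\n", ip, count[ip], tag
        }
    }' | LC_ALL=C sort
}

# Constructed sample capture (not real traffic): two retries from a
# loopback source, one normally sourced request, plus lines to be ignored.
sample_capture() {
    cat <<'EOF'
19:59:40.000001 IP 127.0.0.1.43210 > 140.211.166.134.80: Flags [S], seq 1, win 5840, length 0
19:59:43.000002 IP 127.0.0.1.43210 > 140.211.166.134.80: Flags [S], seq 1, win 5840, length 0
20:01:10.000003 IP 203.0.113.10.51000 > 140.211.166.134.80: Flags [S], seq 9, win 5840, length 0
20:01:11.000004 IP 203.0.113.10.51001 > 140.211.166.134.443: Flags [S], seq 7, win 5840, length 0
20:01:12.000005 ARP, Request who-has 203.0.113.1 tell 203.0.113.10, length 28
EOF
}

sample_capture | summarize_http_sources
```

A `LOOPBACK` row means the MASQUERADE rule quoted above has traffic to match; if every row is `ok`, the source address is not the problem and the BROUTING/TPROXY rules are the next place to look.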


