[tproxy] Squid 3.1 + Tproxy 4.1 in Bridge Mode
Tiago Resende
tresende at gmail.com
Fri Jul 31 20:51:30 CEST 2009
Hi,
I tried to run Squid 3.1 with tproxy in bridge mode, but I just receive a
Connection timed out. access.log shows these entries:
1249010814.562 11319 187.0.xxx.xxx TCP_MISS/000 0 GET http://teklimbu.wordpress.com/2007/10/11/running-a-transparent-linux-squid-bridge/- DIRECT/teklimbu.wordpress.com
1249010999.257 182407 187.0.xxx.xxx TCP_MISS/504 4146 GET http://teklimbu.wordpress.com/2007/10/11/running-a-transparent-linux-squid-bridge/- DIRECT/72.233.2.59 text/html
These entries were transparently redirected to Squid, but after a long time
Squid returns an error page (110 connection timed out).
I tried many ways, and nothing! The actual configuration is:
eth0(Internet)
eth1(intranet)
br0 - bridge with eth0 and eth1
kernel 2.6.30.3
ebtables -t broute -A BROUTING -i eth0 -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
I already tried:
cd /proc/sys/net/bridge
for i in *; do echo 0 > $i; done
Does anyone have an idea?
Thanks,
Tiago Resende
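
Added example, not part of the original post: a small parser for Squid native access.log lines of the kind quoted above. It separates requests that ended with no reply (/000, 0 bytes) from upstream timeouts (/504) among the fetches Squid made itself. The sample lines, addresses and the names `classify` and `triage` are constructed for illustration, and `all_direct_failed` is only a heuristic hint that the fault is on the proxy's outbound path rather than at one origin.

```python
import re
from collections import Counter

# Squid native access.log fields:
# time elapsed_ms client code/status bytes method URL ident hierarchy/peer type
LINE = re.compile(
    r"(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)"
)

def classify(entry):
    """Label one parsed entry by how the upstream fetch ended."""
    if entry["status"] == "000" and entry["size"] == "0":
        return "no_reply"          # request closed before Squid had any response
    if entry["status"] == "504":
        return "upstream_timeout"  # Squid gave up on the origin, sent its error page
    return "ok"

def triage(lines):
    """Count outcomes for requests Squid forwarded to the origin itself."""
    counts, failed_peers, skipped = Counter(), set(), 0
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            skipped += 1           # not a native-format line
            continue
        entry = m.groupdict()
        if not entry["hier"].endswith("DIRECT"):  # DIRECT or HIER_DIRECT
            continue               # cache hits and parent fetches are ignored
        label = classify(entry)
        counts[label] += 1
        if label != "ok":
            failed_peers.add(entry["peer"])
    total = sum(counts.values())
    return {"counts": dict(counts), "failed_peers": sorted(failed_peers),
            "skipped": skipped,
            "all_direct_failed": total > 0 and counts["ok"] == 0}

# Constructed sample lines (documentation addresses, not from the post).
SAMPLE = [
    "1700000000.100  11319 192.0.2.10 TCP_MISS/000 0 GET http://a.example/ - DIRECT/a.example -",
    "1700000200.200 182407 192.0.2.10 TCP_MISS/504 4146 GET http://b.example/ - DIRECT/198.51.100.7 text/html",
    "1700000201.300      3 192.0.2.10 TCP_HIT/200 512 GET http://c.example/logo.png - NONE/- image/png",
    "not an access.log line",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```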