[tproxy] [SOLUTION] [SOLVED] Re: Squid 3.1 + Tproxy 4.1 in Bridge Mode

KOVACS Krisztian hidden at sch.bme.hu
Mon Jun 15 08:00:23 CEST 2009


Hi,

On Thu, Jun 11, 2009 at 03:49:39 -0300, renato at univem.edu.br wrote:
> Ok, friends, just to leave it in the list's archives for other people with the
> same problem, to run the TPROXY v4 with the last kernel and last squid 3.1,
> considering a br0 bridge with eth0 for the Internet and eth1 for the
> users/LAN/Intranet, you need to follow the instructions in the
> documentation and, for the rules, use:
> 
> -----------
> # Bridge side: pull port-80 TCP out of the bridge so it is routed through
> # the IP stack (and iptables) instead of being switched at layer 2.
> ebtables -t broute -I BROUTING -i eth1 -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
> ebtables -t broute -I BROUTING -i eth0 -p ipv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP
> # Mark packets that already belong to a local (proxied) socket, then divert
> # new client connections arriving on the LAN side to squid's tproxy port.
> iptables -t mangle -N DIVERT
> iptables -t mangle -A DIVERT -j MARK --set-mark 1
> iptables -t mangle -A DIVERT -j ACCEPT
> iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
> # Deliver marked packets locally regardless of their destination address.
> echo 1 > /proc/sys/net/ipv4/ip_forward
> ip rule add fwmark 1 lookup 100
> ip route add local 0.0.0.0/0 dev lo table 100
> # Stop bridge-netfilter from passing bridged frames to iptables/arptables.
> cd /proc/sys/net/bridge/
> for i in *
> do
>   echo 0 > $i
> done
> unset i
> 
> ip route flush cache
> 
> ------------------------------
> 
> Works like a charm!!

Thanks for the nice summary. We'll try and include the bridging-related
parts in the kernel documentation.

-- 
KOVACS Krisztian
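As an added example (not from the post above or the tproxy project), a small POSIX sh audit that checks whether each piece of the bridge-mode setup is actually in place, which is the first thing to verify when interception silently stops working. It assumes the post's values (eth1 on the LAN side, squid on 3129, mark 1, table 100) and the usual output formats of sysctl, ip rule/route and iptables -S.

```shell
# Audit helper for the bridge-mode TPROXY setup above. Each check_* reads one
# command's output on stdin and returns 0 when the expected entry is present,
# so it can be tried on constructed samples; tproxy_audit runs them live.
LAN_IF=${LAN_IF:-eth1}
TPROXY_PORT=${TPROXY_PORT:-3129}
RT_TABLE=${RT_TABLE:-100}

# stdin: `sysctl net.bridge`. The post zeroes every bridge-nf-call-* knob; one
# left at 1 makes bridged frames traverse iptables too.
check_bridge_nf() {
    out=$(cat)
    echo "$out" | grep -E 'bridge-nf-call-iptables *= *0' >/dev/null &&
    ! echo "$out" | grep -E 'bridge-nf-call-[a-z6]+ *= *[1-9]' >/dev/null
}

# stdin: `ip rule show`. Packets marked 1 must be looked up in table 100.
check_fwmark_rule() {
    grep -E "fwmark 0x1(/0x[0-9a-f]+)? lookup $RT_TABLE( |\$)" >/dev/null
}

# stdin: `ip route show table $RT_TABLE`. The catch-all local route on lo is
# what lets the kernel hand foreign-destination packets to squid.
check_local_route() {
    grep -E '^local (default|0\.0\.0\.0/0) dev lo' >/dev/null
}

# stdin: `iptables -t mangle -S PREROUTING`. Needs the socket match feeding
# DIVERT and the TPROXY rule limited to the LAN interface, so only client-side
# port-80 traffic is intercepted, never the Internet-facing side.
check_mangle_rules() {
    rules=$(cat)
    echo "$rules" | grep -E -- '-m socket .*-j DIVERT' >/dev/null &&
    echo "$rules" | grep -E -- \
        "-i $LAN_IF .*--dport 80 .*-j TPROXY .*--on-port $TPROXY_PORT" >/dev/null
}

# Run every check on the live system (needs root); status 1 if any is missing.
tproxy_audit() {
    rc=0
    sysctl net.bridge 2>/dev/null | check_bridge_nf || { echo "FAIL bridge-nf-call-* not all 0"; rc=1; }
    ip rule show | check_fwmark_rule || { echo "FAIL no fwmark 1 -> table $RT_TABLE rule"; rc=1; }
    ip route show table "$RT_TABLE" | check_local_route || { echo "FAIL no local route on lo"; rc=1; }
    iptables -t mangle -S PREROUTING | check_mangle_rules || { echo "FAIL DIVERT/TPROXY rules"; rc=1; }
    [ "$rc" -eq 0 ] && echo "ok: tproxy bridge setup complete"
    return "$rc"
}
```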

