[tproxy] Can't get TPROXY working with squid
Carvaka Guru
carvakaguru at gmail.com
Wed Feb 25 18:15:47 CET 2015
I am building a simple linux firewall router with eth1 LAN port and eth0
WAN port. I have squid3 running on it that I have built with netfilter
enabled. The linux version running on the firewall is debian wheezy which
has iptables with TPROXY and socket support.
By setting up the iptables to send traffic to squid3 using the original nat
prerouting REDIRECT method everything works fine but I can't get the TPROXY
method to work. I followed all the steps outlined in
http://wiki.squid-cache.org/Features/Tproxy4 but no traffic gets to squid3.
In fact all HTTP traffic goes into some hole as soon as I issue the
followng two routing commands -
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
Without these two commands the HTTP traffic goes through but never gets
routed to squid3.
I think the "ip route" command is the culprit but I don't know why or what
to change it to?
Any suggestions, help would be much appreciated.
Thanks,
carvaka
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/tproxy/attachments/20150225/42838d5a/attachment.htm
More information about the tproxy
mailing list