[tproxy] Can't get TPROXY working with squid
Eliezer Croitoru
eliezer at ngtech.co.il
Wed Feb 25 19:03:56 CET 2015
Hey Carvaka,
Did you had the chance to read this article:
http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2
Thanks,
Eliezer
On 25/02/2015 19:15, Carvaka Guru wrote:
> I am building a simple linux firewall router with eth1 LAN port and eth0
> WAN port. I have squid3 running on it that I have built with netfilter
> enabled. The linux version running on the firewall is debian wheezy which
> has iptables with TPROXY and socket support.
>
> By setting up the iptables to send traffic to squid3 using the original nat
> prerouting REDIRECT method everything works fine but I can't get the TPROXY
> method to work. I followed all the steps outlined in
> http://wiki.squid-cache.org/Features/Tproxy4 but no traffic gets to squid3.
> In fact all HTTP traffic goes into some hole as soon as I issue the
> followng two routing commands -
>
> ip rule add fwmark 1 lookup 100
> ip route add local 0.0.0.0/0 dev lo table 100
>
> Without these two commands the HTTP traffic goes through but never gets
> routed to squid3.
>
> I think the "ip route" command is the culprit but I don't know why or what
> to change it to?
>
> Any suggestions, help would be much appreciated.
>
> Thanks,
> carvaka
>
More information about the tproxy
mailing list