I followed the guide here to set up squid to do transparent cacheing using wccpv2, and it works quite well. So I took the next step to use tproxy.
I followed this page to introduce tproxy into the mix:
http://wiki.squid-cache.org/SquidFaq/InterceptionProxy
The kernel is compiled with tproxy, as is iptables and squid 2.7Stable7.
I have set up iptables, the ip rule and ip route according to the guide.
I'm running Ubuntu with kernel 2.6.28, iptables 1.4.3, squid 2.7.Stable7.
For some reason the traffic never makes it to port 3129. Do I need to leave the iptables nat config for 3128 even though I am using tproxy? Am I missing something here?
TIA,
--Joe
Squid port config:
# Squid normally listens to port 3128
http_port 128.226.100.61:3128 transparent
http_port 128.226.100.61:3129 tproxy
Output of iptables:
root_at_indianwells:~# iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DIVERT tcp -- anywhere anywhere socket
TPROXY tcp -- anywhere anywhere tcp dpt:www TPROXY redirect 128.226.100.61:3129 mark 0x1/0x1
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain DIVERT (1 references)
target prot opt source destination
MARK all -- anywhere anywhere MARK xset 0x1/0xffffffff
ACCEPT all -- anywhere anywhere
root_at_indianwells:~#
Joe Roth
Networking Group
Binghamton University
Ph. 607-777-7528
Fax 607-777-4009
gNote: Information Technology Services (ITS) will never ask for personal or password information via email. If you have received an unsolicited email that appears to be from Binghamton University or Binghamton University ITS requesting password information, please DO NOT RESPOND.
Received on Sun Nov 01 2009 - 13:09:58 MST
This archive was generated by hypermail 2.2.0 : Mon Nov 02 2009 - 12:00:02 MST