[squid-users] Re: TPROXY

From: alvarogp <alvarix.gp_at_gmail.com>
Date: Tue, 28 May 2013 00:58:44 -0700 (PDT)

alvarogp wrote
> Hello,
>
> I have the next configuration:
> - Ubuntu 12.04 with 2 interfaces eth0 (local) and eth1 (internet access)
> - IPtables 1.4.12
> - Squid 3.3.4 with Tproxy
>
> With Iptables I have configured the proxy to forward the traffic from the
> local LAN (eth0) to the outside world (eth1). The configuration is:
>
> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
> iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED
> -j ACCEPT
> iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> To configure and install Tproxy I have followed the tutorial described in
> the wiki:
>
> ./configure --enable-linux-netfilter
>
> net.ipv4.ip_forward = 1
> net.ipv4.conf.default.rp_filter = 0
> net.ipv4.conf.all.rp_filter = 0
> net.ipv4.conf.eth0.rp_filter = 0
>
> iptables -t mangle -N DIVERT
> iptables -t mangle -A DIVERT -j MARK --set-mark 1
> iptables -t mangle -A DIVERT -j ACCEPT
> iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
> iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY
> --tproxy-mark 0x1/0x1 --on-port 3129
>
> For squid.conf, I have maintained the configuration my default adding to
> it:
>
> http_port 3128
> http_port 3129 tproxy
>
> If Squid is running, the packets from the local LAN are routed correctly
> and the web pages are showed perfectly. The problem I have is that this
> accesses are not reflected in the access.log and cache.log, so could be
> possible that squid is not caching any cacheable content?
>
> I read one other post from a guy who had a very similar problem:
>
> http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-TPROXY-and-empty-access-log-td1036667.html
>
> If I do the same that him specifying in the user's browser the proxy,
> activity (ABORTED request for each web I have tried to access) is
> reflected in access.log. The time out expires and the local LAN users
> cannot access to Internet.
>
> All the information needed please tell me.
>
> Thank you in advance,
>
> Alvaro

Hi,

Does anyone know some configuration guide to configure Squid with TProxy in
the wiki? The three that I only know are:

http://wiki.squid-cache.org/ConfigExamples/FullyTransparentWithTPROXY
http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2#Linux_and_Squid_Configuration
http://wiki.squid-cache.org/Features/Tproxy4

I have followed the steps of the last one.

Is it possible that I am confused and Squid is not able to cache if is
working with TProxy?

Thank you in advance.

 

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TPROXY-tp4658393p4660274.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Tue May 28 2013 - 07:59:21 MDT

This archive was generated by hypermail 2.2.0 : Tue May 28 2013 - 12:00:07 MDT