[squid-users] Unable to get TPROXY working with squid

Amos Jeffries squid3 at treenet.co.nz
Fri Feb 27 01:30:06 UTC 2015


On 27/02/2015 12:41 p.m., Carvaka Guru wrote:
> I am building a simple Linux firewall router with eth1 LAN port and eth0
> WAN port. I have squid3 running on it that I have built with netfilter
> enabled. The Linux version running on the firewall is Debian wheezy which
> has iptables with TPROXY and socket support.
> 
> By setting up the iptables to send traffic to squid3 using the original nat
> prerouting REDIRECT method everything works fine but I can't get the TPROXY
> method to work. I followed all the steps outlined in
> http://wiki.squid-cache.org/Features/Tproxy4

Uhm... no. You ran a *completely* different command line.


> but no traffic gets to squid3.
> In fact all HTTP traffic goes into some hole as soon as I issue the
> following two routing commands -
> 
> ip rule add fwmark 1 lookup 100
> ip route add local 0.0.0.0/0 dev lo table 100
> 
> Without these two commands the HTTP traffic goes through but never gets
> routed to squid3.
> 
> I think the "ip route" command is the culprit but I don't know why or how
> to change it?

That is explained in the "/!\" notes directly following the example
configuration you "followed".

It even has a whole section "Some routing problems to be aware of" just
to repeat the message about this problem and what to do about it.

<http://wiki.squid-cache.org/Features/Tproxy4#Routing_configuration>

Amos

