[squid-users] IPv6 and TPROXY
Eliezer Croitoru
eliezer at ngtech.co.il
Thu Aug 10 00:18:15 UTC 2017
Can you attach or paste\gist the output of:
iptables-save
ip6tables-save
ip rule
??
It will help to also see the tables which you use in conjunction with the "ip rule" based on the mark.
Eliezer
----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il
-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Walter H.
Sent: Tuesday, August 8, 2017 17:15
To: squid-users at lists.squid-cache.org
Subject: [squid-users] IPv6 and TPROXY
Hello,
I configured ip6tables like this:
https://wiki.squid-cache.org/Features/Tproxy4#iptables_on_a_Router_device
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -i br0 -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -i br0 -p tcp -d 2a02:1788:2fd::b2ff:5302 --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-ip ipv6lan --on-port 3129
In squid.conf I added:
http_port ipv6lan:3129 tproxy
I also added the following rule to ip6tables:
iptables -t filter -A INPUT -i br0 -d ipv6lan -m tcp -p tcp --dport 3129 -m state --state NEW -j ACCEPT
When I run tcpdump, I get this:
16:08:58.452533 IP6 ipv6host.37656 > 2a02:1788:2fd::b2ff:5302.80: Flags [S], seq 231343061, win 14400, options [mss 1440,sackOK,TS val 1875817945 ecr 0,nop,wscale 5], length 0
16:08:58.452794 IP6 ipv6lan > ipv6host: ICMP6, destination unreachable, unreachable port, 2a02:1788:2fd::b2ff:5302 tcp port 80, length 88
when doing:
wget -6 --user-agent="Microsoft-CryptoAPI/10.0" --no-proxy http://crl.usertrust.com/AddTrustExternalCARoot.crl
(crl.usertrust.com has IPv6 address 2a02:1788:2fd::b2ff:5302)
What am I missing?
Thanks
Walter
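One way to collect what the reply asks for, as an added example that is not part of the original messages: a shell script that dumps both rule sets and, for every "ip rule" entry that matches a firewall mark, the routing table it points to. It also queries "ip -6 rule", because plain "ip rule" lists only the IPv4 rules; the function names, the "collect" argument and the sample text are assumptions of this example.

```shell
#!/bin/sh
# Added example: gather the routing state that a TPROXY mark depends on.

# Constructed sample of `ip -6 rule` output (not taken from the original post).
SAMPLE_RULES='0:      from all lookup local
32765:  from all fwmark 0x1 lookup 100
32766:  from all lookup main'

# Read `ip rule` / `ip -6 rule` output on stdin and print "<mark> <table>"
# for every rule that selects a routing table by firewall mark.
fwmark_tables() {
    awk '{
        mark = ""; table = ""
        for (i = 1; i < NF; i++) {
            if ($i == "fwmark") mark = $(i + 1)
            if ($i == "lookup") table = $(i + 1)
        }
        if (mark != "" && table != "") print mark, table
    }'
}

# Dump the rules and the fwmark-selected tables of one family (-4 or -6).
dump_family() {
    fam=$1
    echo "== ip $fam rule =="
    rules=$(ip "$fam" rule show)
    printf '%s\n' "$rules"
    tables=$(printf '%s\n' "$rules" | fwmark_tables)
    # A marked packet with no matching rule is routed like any other packet.
    [ -n "$tables" ] || echo "(no fwmark rule for this family)"
    printf '%s\n' "$tables" | while read -r mark table; do
        [ -n "$table" ] || continue
        echo "== ip $fam route show table $table (fwmark $mark) =="
        ip "$fam" route show table "$table"
    done
}

# Runs only when asked for, e.g. `sh tproxy-diag.sh collect` as root.
if [ "${1:-}" = "collect" ]; then
    echo "== iptables-save ==";  iptables-save
    echo "== ip6tables-save =="; ip6tables-save
    dump_family -4
    dump_family -6
fi
```
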