[squid-users] TPROXY Error
Ben Goz
ben.goz87 at gmail.com
Wed Jun 30 12:55:59 UTC 2021
On 30/06/2021 15:25, Antony Stone wrote:
> On Wednesday 30 June 2021 at 14:16:09, Ben Goz wrote:
>
>> I'm trying to configure squid as a transparent proxy using TPROXY.
>> The machine I'm using has 2 NICs, one for input and the other one for
>> output traffic.
>> The TPROXY iptables rules are configured on the input NIC.
> 1. Which version of Squid are you using?
# ./squid -v
Squid Cache: Version 4.15
Service Name: squid
This binary uses OpenSSL 1.1.1f 31 Mar 2020. For legal restrictions on
distribution see https://www.openssl.org/source/license.html
configure options: '--with-openssl' '--enable-ssl-crtd' '--enable-ecap'
'--enable-linux-netfilter' --enable-ltdl-convenience
>
> 2. Please show us the TPROXY rules you have.
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -i bond0.213 -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 15644
iptables -t mangle -A PREROUTING -i bond0.213 -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 15645
including:
ip rule add fwmark 1 lookup 100
ip -f inet route add local default dev lo table 100
>
> 3. Please show us the relevant lines for intercept proxying from your
> squid.conf
http_port 15644 tproxy
https_port 15645 ssl-bump tproxy generate-host-certificates=on options=ALL dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/ssl_cert/myCA.pem dhparams=/usr/local/squid/etc/dhparam.pem
always_direct allow all
>
>
> Regards,
>
>
> Antony.
>
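
An added example, not part of the original post or of Squid: a Python cross-check of the three pieces shown in the message above, namely that each TPROXY --on-port has a tproxy listening port in squid.conf, that the masked --tproxy-mark has a matching "ip rule ... fwmark", and that the routing table it selects has a "local" default route. The function name check_tproxy is an assumption, and the sample inputs are copied from the post with wrapped lines rejoined and the port lines trimmed.

```python
import re

# Sample input: rules from the post above (wrapped lines rejoined).
FIREWALL = """\
iptables -t mangle -A PREROUTING -i bond0.213 -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 15644
iptables -t mangle -A PREROUTING -i bond0.213 -p tcp --dport 443 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 15645
ip rule add fwmark 1 lookup 100
ip -f inet route add local default dev lo table 100
"""
# Sample input: port directives from the post, trimmed to the leading options.
SQUID_CONF = """\
http_port 15644 tproxy
https_port 15645 ssl-bump tproxy generate-host-certificates=on
"""

def check_tproxy(firewall, squid_conf):
    """Return a list of mismatches between the TPROXY rules, the policy
    routing and the squid.conf ports (an empty list means consistent)."""
    problems = []
    # Ports on which squid listens in tproxy mode.
    listen = set()
    for m in re.finditer(r"^\s*https?_port\s+(?:\S+:)?(\d+)\b(.*)$", squid_conf, re.M):
        if "tproxy" in m.group(2).split():
            listen.add(int(m.group(1)))
    # fwmark -> table from "ip rule" (assumes a plain mark without a mask),
    # and the tables that carry a local default route.
    rules = {int(m.group(1), 0): m.group(2)
             for m in re.finditer(r"ip rule add fwmark (\S+) lookup (\S+)", firewall)}
    local_tables = set(re.findall(r"route add local .* table (\S+)", firewall))
    for m in re.finditer(r"-j TPROXY (.*)", firewall):
        args = m.group(1)
        port = int(re.search(r"--on-port (\d+)", args).group(1))
        value, _, mask = re.search(r"--tproxy-mark (\S+)", args).group(1).partition("/")
        mark = int(value, 0) & int(mask or "0xffffffff", 0)
        if port not in listen:
            problems.append(f"--on-port {port}: no tproxy port in squid.conf")
        table = rules.get(mark)
        if table is None:
            problems.append(f"mark {mark:#x}: no matching 'ip rule ... fwmark'")
        elif table not in local_tables:
            problems.append(f"table {table}: no 'local' default route")
    return problems
```
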