Hi all,
I just implemented a transparent proxy on a Linux box
consisting of:
Fedora Core 4
Kernel 2.6.15
iptables 1.3.5
cttproxy-2.6.15
squid-2.6STABLE4
The kernel and iptables have been patched with the
tproxy patches. These patches should be working, since I
saw that iptable_tproxy and ipt_tproxy are loaded in the kernel.
After squid is started, no one can browse websites, and
I found many Invalid Request (clientReadRequest &
TCP_DENIED) entries in both access.log and cache.log.
I am just wondering, do tproxy and transparent proxying
work in 2.6STABLE4? If so, is there a special setting
or something I need to set? Any help would be great.
Thanks,
Zul
Note: The configuration below is my config.
---squid compile
./configure \
--enable-epoll \
--enable-snmp \
--enable-removal-policies="heap,lru" \
--enable-storeio="aufs,coss,diskd,null,ufs" \
--enable-linux-netfilter \
--enable-linux-tproxy \
--with-pthreads \
--enable-cachemgr-hostname=localhost \
--enable-underscores \
--enable-fd-config \
--with-maxfd=16384 \
--enable-err-languages=English
---squid.conf
http_port 3128 tproxy transparent
acl john src 192.168.1.2/255.255.255.255
acl mary src 192.168.1.3/255.255.255.255
http_access allow john
http_access allow mary
http_access deny all
http_reply_access allow all
icp_access allow all
miss_access allow all
cache_effective_user squid
cache_effective_group squid
tcp_outgoing_address 192.168.1.2 john
tcp_outgoing_address 192.168.1.3 mary
---kernel parameters
rp_filter is disabled
ip_forwarding is enabled
iptable_tproxy and ipt_tproxy are loaded
---iptables rule
iptables -t tproxy -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j TPROXY --on-port 3128
---cache.log
2006/11/01 01:05:36| clientReadRequest: FD 15 (192.168.1.2:2327) Invalid Request
2006/11/01 01:05:36| clientReadRequest: FD 15 (192.168.1.2:2328) Invalid Request
2006/11/01 01:05:37| clientReadRequest: FD 15 (192.168.1.3:24163) Invalid Request
2006/11/01 01:05:42| clientReadRequest: FD 15 (192.168.1.3:24164) Invalid Request
---access.log
1162317936.603 0 192.168.1.2 TCP_DENIED/400 2512 GET error:invalid-request - NONE/- text/html
1162317936.767 0 192.168.1.2 TCP_DENIED/400 2436 POST error:invalid-request - NONE/- text/html
1162317937.452 0 192.168.1.3 TCP_DENIED/400 1875 GET error:invalid-request - NONE/- text/html
1162317942.598 0 192.168.1.3 TCP_DENIED/400 1875 GET error:invalid-request - NONE/- text/html
Received on Thu Nov 02 2006 - 05:14:04 MST
This archive was generated by hypermail pre-2.1.9 : Fri Dec 01 2006 - 12:00:02 MST
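
A pre-flight check for the three prerequisites listed under "kernel parameters" in the post, as an added example that is not part of the original message. The `PROC_ROOT` argument is a hypothetical override so the check can run against a constructed tree; the procfs paths are the standard Linux ones and the module names are those given in the post.

```shell
#!/bin/sh
# Added example: verify the tproxy prerequisites named in the post.
# Usage on a live box: check_tproxy_prereqs; echo "failed checks: $?"

# check_tproxy_prereqs [PROC_ROOT]
# PROC_ROOT (hypothetical, for testing) defaults to /proc.
# Prints one line per finding; the return code is the number of failed checks.
check_tproxy_prereqs() {
    root="${1:-/proc}"
    failures=0

    # 1. IP forwarding must be enabled (value 1).
    fwd=$(cat "$root/sys/net/ipv4/ip_forward" 2>/dev/null)
    if [ "$fwd" = "1" ]; then
        echo "ok   ip_forward=1"
    else
        echo "FAIL ip_forward=${fwd:-unreadable}"
        failures=$((failures + 1))
    fi

    # 2. Reverse-path filtering must be 0 on every entry, including
    #    "all" and "default", so no interface silently keeps it on.
    for f in "$root"/sys/net/ipv4/conf/*/rp_filter; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        val=$(cat "$f")
        if [ "$val" = "0" ]; then
            echo "ok   rp_filter[$iface]=0"
        else
            echo "FAIL rp_filter[$iface]=$val"
            failures=$((failures + 1))
        fi
    done

    # 3. Both modules named in the post must appear in the module list.
    for mod in iptable_tproxy ipt_tproxy; do
        if grep -q "^$mod " "$root/modules" 2>/dev/null; then
            echo "ok   module $mod loaded"
        else
            echo "FAIL module $mod not loaded"
            failures=$((failures + 1))
        fi
    done

    return "$failures"
}
```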