RE: [squid-users] Re: Squid3.1 TProxy weirdness

From: John Lauro <john.lauro_at_covenanteyes.com>
Date: Thu, 4 Feb 2010 08:37:37 -0500

Are you using squid as a router or as a bridge? I could not get squid to
work as a transparent bridge for any kernel >2.6.29. I could not get it to
work as a router for any kernel >=2.6.32. Haven't tried 2.6.31.5
specifically, but as a router 2.6.31.12 works, but not as a bridge.

> -----Original Message-----
> From: mhariri [mailto:meysam.hariri_at_gmail.com]
> Sent: Thursday, February 04, 2010 6:54 AM
> To: squid-users_at_squid-cache.org
> Subject: [squid-users] Re: Squid3.1 TProxy weirdness
>
>
> Hi,
>
> I have the same problem with squid 3.1.0.15 / tproxy 4.1 / iptables
> v1.4.5 /
> kernel 2.6.31.5
> the access.log shows no squid activity and with routing rules mentioned
> in
> TPROXY4 wiki:
>
> ip rule add fwmark 0x1 lookup 100
> ip route add local 0.0.0.0/0 dev lo table 100
>
> i always get connection reset in the browser. without these routing
> rules it
> seems to be working but there is no cache activity and it seems that
> the
> clients are simply forwarded without going through the cache.
>
> the iptables rules are only those mentioned in the wiki and the
> ip_forward
> is set to 1. i've also enabled nonelocal ip binding in the kernel.
>
> i checked to ensure that the squid port for tproxy is actually used and
> the
> answer is positive because changing the port or stopping squid causes
> error
> in the browser!
>
> the result of dmesg shows NF_TPROXY is correctly initialized:
>
> NF_TPROXY: Transparent proxy support initialized, version 4.1.0
> NF_TPROXY: Copyright (c) 2006-2007 BalaBit IT Ltd.
>
> the instructions i used are exactly from the TPROXY4 wiki @ balabit.hu
> and
> i've checked that many times to ensure that the procedure i've taken is
> correct.
>
> --
> View this message in context: http://n4.nabble.com/Squid3-1-TProxy-
> weirdness-tp1042775p1468696.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 8.5.432 / Virus Database: 271.1.1/2666 - Release Date:
> 02/03/10 19:35:00
Received on Thu Feb 04 2010 - 13:38:43 MST

This archive was generated by hypermail 2.2.0 : Thu Feb 04 2010 - 12:00:04 MST