RE: RE: Tproxy Squid 3.1
Hi,

I'm facing a weird problem with tproxy for a few weeks. The problem is, all works fine except clients that are behind a tplink router and another one that I don't remember, but almost all tplink wr541g routers. If I remove the iptables mangle redirect rule, the client has traffic; enabled, not. I don't speak English very well, so I hope someone can understand and help me. This is a server with 1000+ clients, and I'm getting very frustrated with this problem.

my config:

ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

/sbin/iptables -v -t mangle -N DIVERT
/sbin/iptables -v -t mangle -A DIVERT -j MARK --set-mark 1
/sbin/iptables -v -t mangle -A DIVERT -j ACCEPT
/sbin/iptables -v -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
/sbin/iptables -v -t mangle -D PREROUTING -p tcp --dport 80 \
    -j TPROXY --tproxy-mark 0x1/0x1 --on-port 5128 2>&1

/usr/local/sbin/ebtables -t broute -A BROUTING -i eth5 -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
/usr/local/sbin/ebtables -t broute -A BROUTING -i eth3 -p ipv4 --ip-proto tcp --ip-sport 80 -j redirect --redirect-target DROP

cd /proc/sys/net/bridge/
for i in *
do
    echo 0 > $i
done
unset i

echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_forward

I have 2 interfaces in bridge. As I said, all working fine, except with these tplink routers. I also got a log in iptables mangle, and then I can see traffic from the client router, but the traffic can't reach squid; in access.log I can't get anything.

I use a mikrotik as pppoe-server. My network is:

router <-> squidbox <-> mikrotik <-> clients

With Squid inline on a bridge like this there should be *no* squid related configuration outside the Squid box.

Is the tplink being used as "router" or "squidbox" in that diagram?

What kernel and iptables version is the squidbox? Some of the older 2.6.3x kernels have bridge+tproxy problems.

Amos

Thanks for the reply! Sorry about the lack of info.. ok..

my diagram is exactly like that:

Internet <-> SquidBox (v 3.1) <-> Mikrotik <-> Client--tplink_router

The tplink is used in the client to dial pppoe and share the connection inside the client's house.

My kernel version is 2.6.31-14 .. maybe something related with my kernel? Can you recommend me a version with tproxy support?

iptables is 1.4.3
ebtables 2.0.10-4

I'll try another kernel version.. thanks for the reply and hope for more help!
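
The sysctl state that the posted script sets, and the kernel range named in the reply, can be checked read-only before changing any rules. This is an added example, not part of the thread or of Squid; the function names and the optional proc-root and kernel-release arguments are assumptions, there so the check can be run against a copied tree.

```bash
#!/bin/bash
# Read-only audit of the sysctls the thread's script writes for bridge + TPROXY.
# Function names and the two optional arguments are hypothetical (added example).

check_value() {   # check_value <file> <expected>; prints a finding on mismatch
    local file want got
    file=$1; want=$2
    if [ ! -r "$file" ]; then
        echo "MISSING $file"
        return 1
    fi
    got=$(cat "$file")
    if [ "$got" != "$want" ]; then
        echo "MISMATCH $file: got $got, want $want"
        return 1
    fi
    return 0
}

tproxy_bridge_audit() {   # tproxy_bridge_audit [proc_root] [kernel_release]
    local root krel bad f
    root=${1:-/proc}
    krel=${2:-$(uname -r)}
    bad=0
    # rp_filter off on lo and all, forwarding on, as in the posted config.
    check_value "$root/sys/net/ipv4/conf/lo/rp_filter" 0 || bad=$((bad+1))
    check_value "$root/sys/net/ipv4/conf/all/rp_filter" 0 || bad=$((bad+1))
    check_value "$root/sys/net/ipv4/ip_forward" 1 || bad=$((bad+1))
    # The posted for-loop zeroes every entry under net/bridge.
    for f in "$root"/sys/net/bridge/*; do
        [ -f "$f" ] || continue
        check_value "$f" 0 || bad=$((bad+1))
    done
    # The reply notes that some older 2.6.3x kernels have bridge+tproxy problems.
    case $krel in
        2.6.3[0-9]*)
            echo "KERNEL $krel is in the 2.6.3x range named in the reply"
            bad=$((bad+1)) ;;
    esac
    return "$bad"   # number of findings; 0 means the state matches the script
}
```

Run `tproxy_bridge_audit` with no arguments on the Squid box; the exit status is the number of findings.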